Is it possible to generate a report with only the selected vulnerabilities? Basically I'm trying to create a summary report excluding the safe and informational vulnerabilities. I tried filtering on severity and then selecting those, but when I generate the report it includes everything.
Posted by Mike Kauspedas about a year ago
My client's company is making a vulnerability assessment to Nexpose of assets being serviced over AWS. I have entered the Access key and Secret Key to scan AWS assets, but I am unable to retrieve them from the newsose. These are the findings I made during a few tests. 1.When I checked my scan logs, there was no problem locating the assets. This means that AWS keys are not considered problematic. 2. The asset has been viewed successfully, but the scan is failing. Based on what is printed on the UI, it does not appear that the information from the viewed assets can be saved to the site. Please let me know what is wrong and what is the solution. I will attach a screenshot related to the above.
Posted by yryim about a year ago
I would like to create a template that attempts a host of scenarios that relate to the OWASP T10 of web apps (so XSS, CSRF, SQLi, etc.). The web spidering engine says "It then analyzes this information for evidence of security flaws such as SQL injection, cross-site scripting (CSS/XSS), backup script files, readable CGI scripts, insecure password use, and other issues resulting from software defects or configuration errors" Does this mean its actively testing these things (i.e. validate they are present)? Or just flag if behavior is similar?
Posted by Eric A about a year ago
Hi, I'm looking for a query that shows me the locked accounts over a specific time frame. This can be done by simple using ACCOUNT_LOCKED in the Active Directory Admin Activity. I can also count the unique locked accounts. However I would like to have a query that checks if an account is locked more than once, in for example an hour instead of receiving an alert each time an account is locked.
Posted by Tom about a year ago
I'm trying to finalize our scan environment for Nexpose. I have a security controller(a VM) licensed and setup working in order. And due to our geographical diversity I needed to have scan engines setup at various locations also VMs. I have installed the scan engine software on the remote VMs. When I tried to add these newly setup scan engines to the console, I receive an error "scan engine certificate does not match stored certificate". Can you please help resolving this. I have excluded these scan engines from all of our IPS, Firewalls, McAfee HIPS and other devices in our infrastructure. Any prompt response would be greatly apprecaited. Thanks Chakra
Posted by Chakravarthy.firstname.lastname@example.org about a year ago
Yesterday I notices I couldn't connect to the Nexpose portal. I went to the installed server, and saw the Nespose Security Console Service wasn't running. I clicked start and got an error message: Error 255: the extended attributes are inconsistent. I downloaded and reinstalled the product, and restarted the server, but I still get the same response.
Posted by Dan Guzman about a year ago
Hi, got an issue with a DAG outcome. I have a site_A populated by AD connection with devices. Works well - it populates the site_A with names and OS, but not with IP addresses of the devices. Understood, need to do discovery to get IPs. I have no scans scheduled for site_A as it only serves as the AD connection population target. Than I have a DAG which filters the devices from site_A based on this filter: Site name - is - "site_A" Last scan date - earlier than - 1 day (1 day is for testing only, in production I will have 30 or so) The problem is that if site_A has just been populated with fresh new devices from AD connection the DAG won't return any devices regardless of the "last scan date" filter condition setting - I've tried both complementary options: (Last scan date - earlier than - 1 day) and (Last scan date - within the last - 1 day). DAG just don't show any devices from site_A. When I delete the second condition with "last scan date" and keep only the "site name..."condition the DAG correctly returns all the devices in site_A. I have also waited one, two and three days to check if days play any role in the DAG generating - but they obviously don't as I have been getting the same results each day. Am I doing anything wrong? Can anyone help? My aim is to scan the devices from site_A by small portions every day - so I thought I would manually run a scan for a small portion of devices each day until all of them are scanned and then let a site based on the DAG to be scanned every day on schedule. With the condition "Last scan date - earlier than - 30 days ago" in the DAG the daily scans will do only a small portion of devices which have not been scanned within last 30 days forever. Any better idea how to achieve that is also welcome. Thanks.
Posted by Jiri Dohnal about a year ago
1. I startup metaspolit in Kali terminal window . and open firefox , type in ''https://localhost:3790 '' but it says ''Unable to connect'' 2. I only see the operation with UI in the official DOC , so where I can learn the metaploit command ??
Posted by YuzhenChen about a year ago
I am trying to figure out a SQL query to pull how many vulnerabilities we had on a specific date. I am looking for something similar to the "Vulnerability Count Comparison" and the Nexpose "Vulnerability Trends report" where it will show the total amount of vulnerabilities on January 1st. After reviewing the Nexpose data base schema (https://help.rapid7.com/nexpose/en-us/warehouse/warehouse-schema.html) it looks like "fact_all_date" should be where I want to go but running a query selecting anything from this fact fails stating that it can not be found. I can pull from almost all other facts so I don't know if this is out of date. Has anyone else had any success with a query or found an up to date db scheme?
Posted by Robert DeBellis about a year ago
We need to use Rapid7 VM tool and integrate it with the CA Service Desk manager. Is it possible to do this? Also, I've read about Lieberman's RED software, is it possible to integrate Rapid7 with the help desk via this software?
Posted by Divya Ambwani about a year ago
Hi, we've installed an InsightVM scan engine on a Ubuntu 16.04 64-bit VM. When prompted, we chose to install a scan engine rather than a security console. We also chose for the communications to go from the console to the scan engine, so the scan engine should be listening for incoming communications on port 40814/tcp as I understand it. The installation appeared to be successful. Just to be safe, we rebooted the VM. We were never asked to enter our license key, which seemed odd. We also were never asked to input a shared secret from the security console. After installation, we do "netstat -an | grep LISTEN", and do not see port tcp/40814 as being in a listening state. I tried manually running: sudo systemctl start nexposeengine and sudo systemctl start nexposeengine.service Each time, "echo $?" shows the return code was 0, indicating it was successful, but we still don't see port tcp/40814 as listening. When I attempt to create a new scan engine from the security console, I input the scan engine IP but when the console tries to connect we see "java.net.ConnectException: Connection refused". Any idea what we're doing wrong? Thank you, -Kevin Cawlfield
Posted by Kevin Cawlfield about a year ago
Hi, we are trying to install Metasploit Pro on remote Ubuntu 16.04 LTS server in cloud and we followed recommended commands for linux headless server from official webpage: ``` wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run chmod +x ./metasploit-latest-linux-x64-installer.run sudo ./metasploit-latest-linux-x64-installer.run ``` However, this always starts an GUI installer and we need to automate installation using ANSIBLE/BASH so we cannot use GUI but just CLI installer. Could please give us an advise on how to proceed? We have already purchased license so we need to start using it as soon as possible. Thanks a lot best regards, Ivan Ulicky Security Engineer
Posted by Ivan Ulicky about a year ago
Hi, I'm trying to follow the report customization referenced within the support documentation for InsightVM (https://insightvm.help.rapid7.com/docs/report-templates-and-sections), however for some of the reports (e.g. Top Remediations with Details) I do not have option to copy the report. Is there a way to copy this report to use as a template for custom reports as described in the documentation?
Posted by Eric A about a year ago
I am trying to active a new install of the virtual appliance. I keep getting 'activation failed cannot activate at this time'. I ran rebooted, and ran the diagnostics: Category Description Status Result Database Diagnostics Deleted Sites Consistency Success There are no partially deleted sites. Database Diagnostics Node Synopsis Consistency Success All nodes have synopsis data. Database Diagnostics Scan Synopsis Consistency Success All scans have synopsis data. Database Diagnostics Asset Synopsis Consistency Success All assets have synopsis data. Database Diagnostics Site Synopsis Consistency Success All site synopsis tables appear consistent. Database Diagnostics Asset Group Synopsis Consistency Success All asset groups have synopsis data. Database Diagnostics Scan Status Consistency Success All scan statuses appear consistent. Database Diagnostics Policy Synopsis Consistency Success The policy synopsis table appears to be consistent. Database Diagnostics Asset Policy Rule Synopsis Consistency Success All asset and policy rules have synopsis data. Database Diagnostics Asset Policy Synopsis Consistency Success All asset and policies have synopsis data. OS Diagnostics Supported OS Success System is running on a supported OS: Ubuntu Linux 16.04 OS Diagnostics Memory requirements Success Total OS memory: 7983MB JVM maximum memory: 5971MB. Used Memory: 2946MB OS Diagnostics Disk space requirements Success System meets minimum disk space requirements: 74928MB free. General Diagnostics VM Version Success VMSC Name: CN=Rapid7 Security Console, O=Rapid7 Last update: 117483016 (2018-03-14) VM version: OpenJDK 64-Bit Server VM 25.102-b14 (Linux amd64) OS version: Ubuntu Linux 16.04 General Diagnostics VM Scan Engine Version Success Local scan engine Status: Active OS version: Ubuntu Linux 16.04 Last Update: 117483016 (2018-03-14) Rapid7 Hosted Scan Engine Status: Unknown Network Diagnostics Host-based firewalls disabled Success Network Diagnostics Gateway Ping Success Gateway ping via ICMP ECHO () : ALIVE Gateway ping via TCP on port 21, 23 and 80 () : ALIVE Network Diagnostics DNS Name Resolution Success Successfully resolved 'www.rapid7.com' to 22.214.171.124
Posted by Michael Marohn about a year ago
Hello: Any custom metasploit module I create isn't getting loaded. I tried both of these demos: https://www.offensive-security.com/metasploit-unleashed/building-module/ and https://github.com/rapid7/metasploit-framework/wiki/Loading-External-Modules and got the same result that the modules were NOT found. Before posting here, I checked these out: https://forums.kali.org/showthread.php?28940-Metasploit-modules-not-loading! and https://www.offensive-security.com/metasploit-unleashed/modules-and-locations/ Just working with the later URL, on the Kali host, I do indeed have the file in the right location (according to the demo) root@kali:~/.msf4/modules/exploits/test# ls -al total 12 drwxr-xr-x 2 root root 4096 Mar 19 13:59 . drwxr-xr-x 3 root root 4096 Mar 19 13:58 .. -rw-r--r-- 1 root root 9 Mar 19 13:59 test_module.rb I then ran reload_all and when using this command: use exploit/test/test_module it returns with Failed to load module. I also tried to manually load that path and it failed too: msf > loadpath ~/.msf4/modules/ Loaded 0 modules: Any assistance you can provide in solving why metasploit isn't picking up any custom modules is greatly appreciated!
Posted by Chris about a year ago
I'm working on developing custom reports, similar to some of the .Jar files I've found here in the docs (like https://kb.help.rapid7.com/docs/trend-and-top-remediations-report-template). I'm new to Nexpose and just wanted to modify a couple of the rules around the template, and load it back into the Nexpose Report console using the upload a file option to create a new template. However when I repackage the .jar and upload it, I receive a message saying the file is not trusted. What is the proper channel/process to create a custom jar template like that? I appreciate your help!
Posted by Joshie Nygaard about a year ago
Hello, Based on documentation I should find "Amazon Web Services Asset Sync" in "Administration" -> "Connections" -> "Create/Manage". But from dropdown I can only see "Amazon Web Services (Legacy)" and other 5 none AWS related options. And it also redirects back to creation of connection without errors if I try to setup "AWS (Legacy)" option. So how to setup connection to AWS? Thanks Dainius
Posted by Dainius about a year ago
Hi We have a couple of servers scanned by insightvm (agent and ssh/key) which are reporting vulnerabilities from stored files (bundled JREs). These are part of installers stored on the machines with JRE bundled by vendor. Is there any way to exclude some paths from scanning (rather than exclude the hundreds of vulnerabilities reported)? Is there a better way to do this? Thanks,
Posted by h about a year ago