I have done the CIS benchmarks testing and the policy results are available but now I need to create reports for them. When I create the report using the built-in template "Policy Rule Breakdown Summary" I click to set the policies but CIS does not show in my choices. I am limited to only a few DISA STIG policies. An earlier report was available and I saw that 26 policies were selected but this is hidden and not able to be changed nor do those selected policies seem to exist outside of the old report. They are the CIS selections that I do not have access to now. Where is this bug reported and fixed?
Posted by Charlie Van Horn about a year ago
I've installed Metasploit and gotten to the point where I go to access the Web UI, but the page never loads and in the rare case where it has it doesn't reach the point for me to enter my product key. So can I have some assistance with this and figure out how to get it work?
Posted by Isaiah Todman about a year ago
Good afternoon, After going through the instructions for the integration, I believe the integration is configured correctly, but I am having trouble finding anyone with experience with this integration that can validate whether or not we are missing any components required to make it work. I'm hoping someone can possibly assist. Steps taken: 1. Installed the Ruby installer. 2. Installed the MSYS2 installer 3. Launched Ruby command prompt and installed the GEM 4. Browsed to the config folder and modified the variables in the file nexpose_thycotic.config file 5. From the Ruby bin folder we ran nexpose_thycotic 6. The results indicated the following information (cannot attach pic sorry) Logging enabled at level <info> Logging to Thycotic at https://secretserver URL Processing sites Processing site 1 Getting credentials for IP address Getting credentials for IP address Getting credentials for IP address (this continued for quite a few mor Finished processing 1 Question 1: If you see this output would it be safe to say that the integration was successful? Question 2: Would it also be safe to say that if we scan an asset that was listed in one of the Getting credentials for, Nexpose will automatically perform a credentialed scan provided the Nexpose name and Secret name match? Does anything need to be configured in the NSC to make it work? Thanks, Blind
Posted by Blindf8th about a year ago
When viewing the risk trend-line, the furthest right (most recent) scan result will show a ~30% up-tick in risk; however, and soon as a new scan is executed, the previous scan then reflects the appropriate risk. Only the most recent scan is shown as wildly inaccurate. What is causing this, and what can i do to fix the issue?
Posted by Connor about a year ago
When I call "solutions" endpoint it returns HTTP 400. Other endpoints work as expected. For example, following command: curl <BASE_URL>/api/3/solutions -H "Authorization: Basic <BASE64_USER_PASSWORD>" ...returns: { "status" : 400, "message" : "One or more arguments supplied in the request is invalid.", "links" : [ { "href" : "<BASE_URL>/api/3/solutions", "rel" : "self" } ] } At the same time "exploits" endpoint works: curl <BASE_URL>/api/3/exploits -H "Authorization: Basic <BASE64_USER_PASSWORD>" Maybe I'm doing something wrong, is there any other way to get all solutions via API?
Posted by D S about a year ago
We have a scanner in each VPC as recommended by Rapid7 and we have the asset discovery connector setup for AWS. How do you scan certain assets in the separate VPCs when all of the assets are in one site and you can't specify multiple scanners?
Posted by Eric Osmus about a year ago
I am currently configuring cloud event sources on InsighDR, i followed the steps in the user manual for the configuration of Office365 as an event source, the configuration shows successful but i don't see Office365 listed as one of my cloud event sources on the homepage, i am able to see "raw logs" but i can not do "Log Search". How do i enable a collector have connection to office365?
Posted by Agaje Kelvin about a year ago
I'm writing a vuln check and have run into a lack of either documentation or functionality in the format used to describe their requirements. Here's what I'm trying to accomplish: I have a known registry key that contains data in the following registry location(s): HKLM/SOFTWARE/MICROSOFT/WINDOWS NT/CurrentVersion/Image File Execution Options/random_subkey -> values I know exactly what I'm looking for in the values, and how to check for it. Here's my challenge: I can not predict the names of the "random_subkey". Here's the question: How do I write a vuln check for the presence of predictable values in unpredictable subkeys? If I could jam a <regex cflags="REG_ICASE">.*</regex> into the section that describes the name attribute of registryKey, that'd probably be ideal. I'm going to be testing that soon, and expect my syntax to be rejected because this is likely not how the engine works. Any of you VCK writers have any experience in achieving this sort of goal? TIA, Charles
Posted by Charles Jones about a year ago
Hello, when trying to run scan console () console goes onto maintenance mode and displays an error message "Critical error during initialization: PreparedStatementCallback; bad SQL grammar [SELECT licmod_id, licmod_name FROM nxadmin.lic_modules]; nested exception is org.postgresql.util.PSQLException: ERROR: relation "nxadmin.lic_modules" does not exist Position: 45" Already tried a solution suggested in a post about the locales and installation language. But Ive in En, and changing it does nothing to fix the problem. Install and uninstall several times always with the same result Can any one help me? Best regards
Posted by jorge sanz about a year ago
Hello! I am very new to kali linux and this stuff, I'm watching a tutorial and mine did not really work out as the tutorial showed. So I generated a reverse meterpreter with veil evasion which i have downloaded on another machine. My msf exploit does not fucntion properly though, i don't get any sessions etc. Expected behavior: msf exploit(multi/handler) > set payload windows/meterpreter/reverse_https payload => windows/meterpreter/reverse_https msf exploit(multi/handler) > set LHOST 10.0.2.15 LHOST => 10.0.2.15 msf exploit(multi/handler) > set LPORT 8080 LPORT => 8080 msf exploit(multi/handler) > exploit [] Started HTTPS reverse handler on https://10.0.2.15:8080 [] Starting the payload handler... Current behavior: msf exploit(multi/handler) > set payload windows/meterpreter/reverse_https payload => windows/meterpreter/reverse_https msf exploit(multi/handler) > set LHOST 10.0.2.15 LHOST => 10.0.2.15 msf exploit(multi/handler) > set LPORT 8080 LPORT => 8080 msf exploit(multi/handler) > exploit [*] Started HTTPS reverse handler on https://10.0.2.15:8080 Machine version Kali Linux 2017.3 Metasploit version metasploit v4.16.31-dev please help :) thanks in advance.
Posted by benjamin beckman about a year ago
We are trying to set up a limited user for authenticated vulnerability scans of MySQL databases and I have not been able to find any documentation describing what permissions are needed for the checks. Is there a resource available that can give me the list of checks run or at least the privileges used in the checks?
Posted by Joshua Hill about a year ago
I am setting up my lab environment to mirror my recently deployed production instance so I can test ruby scripts prior to running on production. We are running Ubuntu 14.04. I will admit I am not a Linux expert but pretty sure I ha When I go to install Ruby I am getting the following error user@server:/opt$ \curl –sSL https://get.rvm.io | bash –s stable –-ruby bash: –s: No such file or directory % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (6) Could not resolve host: xn--ssl-1n0a 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (35) gnutls_handshake() failed: Error in the pull function. I ran the following and it reports bash is installed and up to date. sudo apt-get update && sudo apt-get install bash bash is already the newest version (4.3-14ubuntu1.2). Anyone able to help get Ruby installed?
Posted by Tom Sikma about a year ago
I didn't see any mention of docker in the [api docs](https://help.rapid7.com/insightvm/en-us/api/index.html). I found this endpoint https://exposure-analytics.insight.rapid7.com/ea/container/api/1/registries/ but couldn't find any docs on its usage or how to auth with it.
Posted by Brad about a year ago
Is there a simple way to test a backup restore for Nexpose without actually doing a restore? I don't want to rollback my console unless I have to, but I would like to be sure that the encryption key and backups work as expected before I am in a position where I am depending on them working. I am guessing there is a way to test with a script or something but I have not seen any documentation on the topic and I'd rather not take up time trying to figure it out on my own if there is a simpler method as I don't have much time right now to spend on this issue.
Posted by Joshua Hill about a year ago
I have looked through the settings, but I have not found any way to change the severity ranges used in Nexpose. Is this possible? The problem we run into is that all our SLAs and internal timelines are based off the CVSS V3 levels (see https://nvd.nist.gov/vuln-metrics), such as Critical is equal to or greater than 9.0. This causes problems because developers go on the console and get differing information from our internal scoring causing confusion and questions that eat up the developer's and the security team's time.
Posted by Joshua Hill about a year ago