How can CVE-2019-0232 be detected by InsightVM on a Linux server? I could be missing something, but I have a Linux system that has an identified vulnerability, Apache Tomcat: Important: Remote Code Execution on Windows (CVE-2019-0232).
Posted by Kyle Dellinger about a month ago
I have an error message when installing InsightVM on Ubuntu 16.04 LTS. When running ./Rapid7Setup-Linux64.bin -c, it comes with this error message: Unpacking JRE ... Starting Installer ... //Rapid7Setup-Linux64.bin.1477.dir/jre/bin/java: 13: //Rapid7Setup-Linux64.bin.1477.dir/jre/bin/java: Syntax error: "(" unexpected (expecting ")") Does anyone have the same problem? Please share how to solve it. Thank you very much.
Posted by Dewi Fitri about a month ago
Hello. I'm getting an error message when the emails are being sent: STOREDRV.Submission.Exception:SendAsDeniedException.MapiExceptionSendAsDenied; Failed to process message due to a permanent exception with message I'm using Office 365 settings for the email server. I get a success message, but the emails never send.
Posted by Jason about a month ago
Created a couple of honey files. Agent existed on the system prior to their creation. Correct event auditing already configured and confirmed. Configured in Insight with actual path on server as agent would see it. Accessed files from network share, modified them, zipped them into an archive. No alerts. Anyone working with these? Did I miss a step?

Install the Insight Agent on the Windows server hosting a network file share. DONE
Enable the Audit Detailed File Share logging (if it is not already enabled). This can be configured in group policy or in the system's Local Security Policy. DONE
Create a new file in the desired location on the network file share. The file can be of any type, name, or content. DONE
Make note of the full path to the file. DONE
From your InsightIDR homepage, select Settings on the left menu. Find and select Honey Files in the list. Click the Add a New Honey File button in the top right corner. DONE
A panel will appear. Enter the full local path to the file, as the Insight Agent would see it. Select the asset that you previously configured. DONE
Click Add. DONE

Test fails. No alerts generated.
Posted by Kerry LeBlanc 2 months ago
If an EC2 instance gets terminated, what's the best way to automatically have it cleaned up from the InsightVM console? Currently, I have sync turned on, but it doesn't seem to remove old assets that are not in AWS. I am using the new Amazon Web Services Asset Sync discovery connection. In addition, are there any plans to add Instance State to the InsightVM console, so I can filter or report on assets that are currently running?
Posted by Ilya 2 months ago
I am trying to get Site information for a known Asset using the API but am not finding a direct path to do so. The [getAsset](https://help.rapid7.com/insightvm/en-us/api/index.html#operation/getAsset) endpoint response does not include Sites associated with the Asset from what I can see. [Asset Search](https://help.rapid7.com/insightvm/en-us/api/index.html#operation/findAssets) does allow for a filter in the request body to include site-id, but that involves knowing the Site going in to the search. The response from this endpoint does not include the site-id even though you can use it to search. I really want to avoid getting all Sites and then iterating over those to get all Site Assets and working backwards from there. A few ideas came up as potential workarounds. One would be to use Tags on Assets where certain Tags are reserved for specific Sites. That is a less than ideal workaround since users could add Tags to their Assets on their own so could mistakenly add a Tag reserved for a Site they don't belong to. This article, https://kb.help.rapid7.com/discuss/59b9a1439045c30026ca390b, has a way to link Assets to Sites via SQL so it appears it can be done. Although not a good idea by any means and I don't even know if it would work, I thought about running this as a report and then grabbing the report results via the API to provide this relationship. Sites also show up in the UI when looking at an Asset, so obviously the relationship exists but I can't seem to get to it cleanly using the API.
Posted by Eric Urban 2 months ago
Hi, I am trying to connect Sendgrid to Metasploit Pro, for Social Engineering. It won't connect (timeout). I'm using the username "apikey" and password "my long key." That's the info Sendgrid gave me. Should I try my email and password? Does anyone know how I can connect and not timeout? Here's info below...

Server: sendgrid.net smtp.sendgrid.net
Ports: 25, 587 (for unencrypted/TLS connections), 465 (for SSL connections)
Username: apikey
Password: SG.kSBwDLGITxxx etc...
Posted by Mike Held 2 months ago
It is currently not possible to combine multiple criteria that must match via "all" and matching any of those with another "any" query, so to say a subquery. It would be really helpful to mix "any" and "all" filters for dynamic asset groups. Is this planned or is there a workaround?
Posted by David Prüller 2 months ago
Hi, I wanted to know, for example, how many assets have actively targeted vulnerabilities or what remediation efficiency they have, but that data is restricted to the exposure analytics platform and is currently not queryable. Will this be implemented or is there a workaround?
Posted by David Prüller 2 months ago
Hi everyone, I am dealing with a website on Microsoft-IIS/8.5 (OS: Windows Server 2012). I was sent a module that can be used to execute a payload on IIS servers that have world-writeable directories. The payload is uploaded as an ASP script via a WebDAV PUT request. I loaded it within the Metasploit console: https://i.imgur.com/8xtxVqg.png So I set up 'RHOSTS' with the IP address of the server, and I don't know if there is something else that I must change. When I run the exploit only with the described change, I got an error message saying 'Upload failed on /metasploitblablabla.txt [303 See other]'. I suggest that this is normal because I have not used any payloads. I tried some of them, and the messages were the same. As you may see, I haven't got any experience with this framework, and any help would be appreciated. What am I doing wrong?
Posted by Elizabeth R Casale 2 months ago
I am attempting to scan one IP that will have images reloaded on it too often. We have gotten them to scan a few times, but I have had to delete the cache and historical data each time. Now it won't scan at all; if it does, it will scan for 13 minutes, say it's found 32 vulnerabilities, then finish and have 0 vulnerabilities. Logs show 32. I have a case in, just wanted to see if anyone has had this problem or knows what is going on. The IP is used for distributions of workstations, but instead of going to all kinds of physical machines they use one IP, upload the image, scan and patch, then delete it, upload again, and so on and so on.
Posted by Vanessa villalpando 2 months ago
I would like to set up credentialed scans using InsightVM to scan our networking devices such as routers, switches, firewalls, etc. I was wondering if anyone would happen to know what show commands are run on these devices when checking for vulnerabilities.
Posted by Amanda Marczak 2 months ago