I am trying to set up Endpoint monitoring in Scan Mode for one of our new sites. The collector sees a number of clients, but all of them are returning an error of "NO_DATA". I can't seem to find any resources on how to troubleshoot this issue.
Posted by Trey.Bushart about a year ago
Is everyone aware that Nexpose will not detect the Apache Struts 2 vulnerability that bit Equifax? We've got a vulnerable machine stood up and no discovery, even with a credentialed scan. They say it's a "bug". Pretty big bug I would say.
Posted by Fred Smith about a year ago
I'm trialling InsightIDR; have set up various Data Collection sources; one being O365. Tenant ID all in and it initially worked; however it now keeps stating "Failed to fetch events from office365". I can stop/start and the status goes Green however then turns swiftly back to failed. And the latest entry in the 'raw log' stays the same from this point forward. Have tried editing and resubmitting the user creds. No joy. I tried this the past few days on a Linux box; this morning I've deployed a Windows box and the same issue occurs. Thanks
Posted by Neil M about a year ago
Does anyone have an example for me? I've searched and can't find anything. I am getting this in the logs: Invalid MAC address file, no MAC addresses will be trusted: /opt/rapid7/nexpose/plugins/java/1/NetworkScanners/1/filename.txt
Posted by MS about a year ago
I get this error with a simple scan for one subnet: Running this engine on a Windows 10 Ent. Failed (java.io.IOException: The Nmap exit value is not zero: 255 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:745) ) I am open to any suggestions. Thanks, Joshua
Posted by Joshua about a year ago
Lots of questions on this: Does anyone do this? If so, did you see a major impact to implementing this? Do you know of a way to determine how many hosts currently would be able to use this (like a report that shows that the service is disabled)? What specific service(s) are enabled?
Posted by Trevor Steen about a year ago
What firewall rules are required to allow Nexpose to access the Cloud for the Dashboards to work? Our firewall is blocking a lot of communications from the scanner to the cloud. For example, the connection eu.exposure-analytics.insight.rapid7.com (188.8.131.52) is blocked in the firewall. But also EXT-eu.exposure-analytics.insight.rapid7.com (184.108.40.206) is blocked. As this is using cloud services, it's possible that these addresses could change. Why is proxy awareness not available? This way we could just put in the URL and even if the IP changes, this would not be a problem.
Posted by Russell about a year ago
Do you have any suggestions for how I would go about querying for log data that occurs during a specific range of hours? I'd still like the ability to change the timeframe using the standard tooling [i.e. Yesterday, Last7Days, etc.]. This could be useful when logs during off-hours have 'noise' that may be ignored during analysis and alerting or when we want to focus on things like peak usage times for multi-day comparison. If this is possible it might be a good example to include on the LEQL page.
Posted by Ryan Peterson about a year ago
Running Nexpose/InsightVM in VMware Workstation Pro 14 on Windows 10 host. Everything works. Am able to access Security Console via 10.x.x.177:3780. I am also able to access Metasploit Pro on https://localhost:3790. Once I connect to the corporate VPN, I lose connection to Security Console. I have tried using the VM in Bridged as well as NAT mode. I have tried changing the IP of the VM (within Ubuntu) to match the /24 range and netmask of the Corporate network as well as the laptops. In certain cases I can ping my pentest machine in the corporate network, and can in some cases ping from the VM to the laptop. In other cases ping doesn't go in or out. My last option that I will try is to set up an SSH tunnel from the VM, to my pentest host within the corp network, then back out to my laptop. This is convoluted but it may work. Could you provide an idea of VMware Workstation setup where I could possibly avoid this nonsense?
Posted by Scott Koff about a year ago
I've been trying to find where this might be configurable. On the Scan history page, it comes up with the scan name. It's interesting (and annoying) that when exporting, I wouldn't get the same thing I see. On a big site with many scans, not having the schedule name is less than helpful.
Posted by Russell Clements about a year ago