Hello, On the Nexpose dashboard there is a card called Most Common Solutions. I would like to download a CSV report of this card. I can find no way in order to accomplish this. How can I download a CSV report of the Most Common Solutions dashboard card? I appreciate any help I can get on this. Thank you, David
Posted by David Park 3 months ago
I am receiving this error on my Data Collection Management page for my InsightVM host. It appears that the domain admin account that we are using to collect machine and vulnerability data from endpoints is unable to send to the Rapid7 Nexpose Cloud.
Posted by david dvorin 3 months ago
Nexpose discovers Windows Server 2016 Core VMs as having different OS: Microsoft Windows Server 2016 Datacenter Edition Microsoft Windows Server 2016 Datacenter Edition 1607 If I run the benchmark policy CIS Microsoft Windows Server 2016 Member Server Level One v1.1.0 against Microsoft Windows Server 2016 Datacenter Edition I get no results (rule compliance N/A). If I run against the VM with OS Microsoft Windows Server 2016 Datacenter Edition 1607 I get a compliance score. Question is, if Nexpose is incorrectly identified asset, how can this be fixed? Authentication is setup by following the guide (the user is domain administrator and also added to local administrators group). How can this be fixed? How Nexpose discovers the OS version? Both VMs have same Windows build and version Thank you
Posted by Adrian Borlea 3 months ago
see title. Basically, what I'm wanting to do is run discovery scans on subnets(sites) and for the assets that are NOT in the Rapid7 Insight Agents site place them in a "Non Agent" site. How does the Dynamic Asset Group get updated? Or, Is there a better way to do this?
Posted by Jeremy Bullock 3 months ago
My VP wanted read access to the platform so we can start designing some executive dashboards. No problem, but now he gets emails for all the alerts. Problem. He does not need to see these and would prefer not to get them. Is there a way to prevent them for a single account or is it an all or nothing? If it is not possible, then that feature needs to be added in a future release. I should be able to give someone read access without them needing to get every alert email that comes out.
Posted by Kerry LeBlanc 3 months ago
Is there a way to bulk delete old nexpose reports? We have accumulated a lot of reports which were run. We can no longer view or download them but the entries still remain in the "View Reports" section. Looking for an alternative for deleting these report entries one by one manually.
Posted by Shubham Bhardwaj 3 months ago
Help, how so i solve this? Installed metasploit on kali linux with apt-get metasploit-framework. [-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed Full error: f5 auxiliary(gather/shodan_search) > run [-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed [-] Call stack: [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in `connect_nonblock' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in `ssl_socket_connect' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:948:in `connect' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:887:in `do_start' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:876:in `start' [-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:1407:in `request' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:59:in `shodan_query' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:109:in `run' [*] Auxiliary module execution completed
Posted by jepunband 3 months ago
I have Domain controllers trying to connect to the network honeyot below are a few examples Is this normal behavior? thanks mrodc01.servers.ipswitch.com attempted to connect to the network honeypot on port 58375 3 time(s) over UDP using a datagram packet, starting at Feb 26, 2019 6:58:16 PM and ending at Feb 26, 2019 6:58:23 PM o Honeypot Connection mrodc01.servers.ipswitch.com attempted to connect to the network honeypot on port 50263 3 time(s) over UDP using a datagram packet, starting at Feb 26, 2019 6:58:27 PM and ending at Feb 26, 2019 6:58:34 PM o Honeypot Connection mrodc01.servers.ipswitch.com attempted to connect to the network honeypot on port 54361 3 time(s) over UDP using a datagram packet, starting at Feb 26, 2019 6:58:16 PM and ending at Feb 26, 2019 6:58:23 PM
Posted by Robert York 3 months ago
Hi Guys Quick question for those with more experience, when you want to a exploit to host after doing the initial scan which options you use below. 1: The minimum reliability is set to GREAT or EXCELLENT? 2: Do you check the SKIP EXPLOITS THAT DO NOT MATCH THE HOST OS? 3: Do you check MATCH EXPLOITS BASED ON OPEN PORTS? 4: Do you check MATCH EXPLOITS BASED ON VULNERABILITY REFERENCES? Thank you!
Posted by norberto pino 3 months ago
The integration seems successful seeing that on the Cyberark side we can see query for the account in the logs. However when we run the test in Nexpose we see the unable to find credentials for Cyber-ark? Does anyone have any insight to this?
Posted by Logan Zellem 3 months ago
I can't scan anything always errors like this: Failed (java.io.IOException: The Nmap exit value is not zero: -1073741819 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:748) )
Posted by John Malcolm 3 months ago
Is it possible in InsightVM/Nexpose to create an exception for a specific vulnerability by the key or proof? The option that seems to make the most sense is "specific instance on this asset" but i want something more like "specific instance on all assets". For example, something like a CIFS account password never expires is OK as long as the username is NeverExpiringUser, but any other username being detected should still show up. Is the answer creating a specific exception on every single asset? That seems like it would take forever.
Posted by Dmitry Zagadsky 3 months ago