See title. Basically, what I'm wanting to do is run discovery scans on subnets (sites) and, for the assets that are NOT in the Rapid7 Insight Agents site, place them in a "Non Agent" site. How does the Dynamic Asset Group get updated? Or is there a better way to do this?
Posted by Jeremy Bullock 5 months ago
My VP wanted read access to the platform so we can start designing some executive dashboards. No problem, but now he gets emails for all the alerts. Problem. He does not need to see these and would prefer not to get them. Is there a way to prevent them for a single account or is it an all or nothing? If it is not possible, then that feature needs to be added in a future release. I should be able to give someone read access without them needing to get every alert email that comes out.
Posted by Kerry LeBlanc 5 months ago
Is there a way to bulk delete old Nexpose reports? We have accumulated a lot of reports which were run. We can no longer view or download them, but the entries still remain in the "View Reports" section. Looking for an alternative to deleting these report entries one by one manually.
Posted by Shubham Bhardwaj 5 months ago
Help, how do I solve this? Installed Metasploit on Kali Linux with apt-get metasploit-framework.
[-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed
Full error:
f5 auxiliary(gather/shodan_search) > run
[-] Auxiliary failed: OpenSSL::SSL::SSLError SSL_connect returned=1 errno=0 state=error: certificate verify failed
[-] Call stack:
[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in `connect_nonblock'
[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/protocol.rb:44:in `ssl_socket_connect'
[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:948:in `connect'
[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:887:in `do_start'
[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:876:in `start'
[-] /opt/metasploit-framework/embedded/lib/ruby/2.4.0/net/http.rb:1407:in `request'
[-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:59:in `shodan_query'
[-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/gather/shodan_search.rb:109:in `run'
[*] Auxiliary module execution completed
Posted by jepunband 5 months ago
I have domain controllers trying to connect to the network honeypot; below are a few examples. Is this normal behavior? Thanks.
mrodc01.servers.ipswitch.com attempted to connect to the network honeypot on port 58375 3 time(s) over UDP using a datagram packet, starting at Feb 26, 2019 6:58:16 PM and ending at Feb 26, 2019 6:58:23 PM
o Honeypot Connection
mrodc01.servers.ipswitch.com attempted to connect to the network honeypot on port 50263 3 time(s) over UDP using a datagram packet, starting at Feb 26, 2019 6:58:27 PM and ending at Feb 26, 2019 6:58:34 PM
o Honeypot Connection
mrodc01.servers.ipswitch.com attempted to connect to the network honeypot on port 54361 3 time(s) over UDP using a datagram packet, starting at Feb 26, 2019 6:58:16 PM and ending at Feb 26, 2019 6:58:23 PM
Posted by Robert York 5 months ago
Hi guys, quick question for those with more experience: when you want to exploit a host after doing the initial scan, which of the options below do you use?
1: The minimum reliability is set to GREAT or EXCELLENT?
2: Do you check SKIP EXPLOITS THAT DO NOT MATCH THE HOST OS?
3: Do you check MATCH EXPLOITS BASED ON OPEN PORTS?
4: Do you check MATCH EXPLOITS BASED ON VULNERABILITY REFERENCES?
Thank you!
Posted by norberto pino 5 months ago
The integration seems successful, seeing that on the CyberArk side we can see the query for the account in the logs. However, when we run the test in Nexpose we see "unable to find credentials for Cyber-ark". Does anyone have any insight into this?
Posted by Logan Zellem 5 months ago
I can't scan anything; it always errors like this:
Failed (java.io.IOException: The Nmap exit value is not zero: -1073741819
at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source)
at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source)
at com.rapid7.nexpose.scan.Scan.start(Unknown Source)
at com.rapid7.nexpose.scan.Scan.run(Unknown Source)
at java.lang.Thread.run(Thread.java:748) )
Posted by John Malcolm 5 months ago
Is it possible in InsightVM/Nexpose to create an exception for a specific vulnerability by the key or proof? The option that seems to make the most sense is "specific instance on this asset" but I want something more like "specific instance on all assets". For example, something like a CIFS account password never expires is OK as long as the username is NeverExpiringUser, but any other username being detected should still show up. Is the answer creating a specific exception on every single asset? That seems like it would take forever.
Posted by Dmitry Zagadsky 5 months ago
Hi, I am finding it difficult for the Insight collector to get logs from the syslog already configured. The Sophos XG firewall is sending logs to the syslog as we speak, but the collector isn't receiving any, as for the event source created there is no raw data or EPM displayed. Any suggestions?
Posted by odida benedict 5 months ago
Has anyone actually been able to do this? The documentation below is BEYOND terrible. Does not make Rapid7 look good as a SIEM, especially next to Splunk whose documentation is, you know, helpful. https://insightidr.help.rapid7.com/docs/splunk#section-data-source
Posted by Jeff Smithwick 5 months ago
Hello, just wanted to check if there is a SQL query or a report template that would be able to give the status of the reported vulnerabilities? The requirement is to add OPEN, CLOSED or NEW in the vulnerability status column. I have already gone through a SQL query which does this, but that doesn't work as intended. Would like to know if there are any such queries. Even if there are no ready-made queries, would like to know which DB tables to relate to achieve this, so that I can give it a try. TIA
Posted by Vishva 5 months ago
Hi, I'm writing a resource script that performs automated exploitation against some targets. I tried to use the instruction mod=framework.exploits.create(modname) and mod.exploit() or mod.exploit_simple(...), but after those instructions are executed they don't spawn a shell (I have already set the datastore), so I tried to use run_single('use modname), run_single('set rhost ip), run_single(exploit). It worked, but if some exploits fail I can't catch the exception. So what do I have to do to launch an exploit and catch an exception if it fails?
Posted by lucaRuggeri1998 6 months ago
Hi there, if I use SSO to sign in to our Jira service and I created a new user to connect to Jira from the InsightVM Console, should I use the account SSO password or create an API Token in Jira and use that instead as the password for the Jira integration? Thanks.
Posted by Magno Logan 6 months ago
In configuring Sophos XG firewalls' syslog for InsightIDR, I'm finding that I am not getting any digestible events out of the logs that it's providing. Log Search has nothing to pull. We started with all syslog options enabled and we've dialed it back to options more pertinent to IDR. Current severity level is set to "Notification". Does anyone else have any experience configuring InsightIDR for these devices?
Posted by Martino Popa 6 months ago