When Nexpose throws a positive vulnerability, sometimes the Proof indicates a missing patch. Is there a way to verify if a vulnerability check exists for a specific OS security patch? Or, how could I create a custom vulnerability check to identify if a patch is installed? The OS we have is IBM AIX.
Posted by Alejandro Luna 8 months ago
I'm looking to create a report similar to one of the dashboard cards - Assets by Vulnerability Severity - but detailed out by site. I am tracking this number on multiple sites and have been pulling this data manually from the dashboard. Example:

Site   Critical   Severe   Moderate
ABC    10         20       30
Posted by Cory Nakauchi 8 months ago
It gives the error below:

Failure while communicating with console java.lang.runtimeexception: javax.net.ssl.SSLpeerunverified excepition : peer not authenticated
at com.rapid7.net.sslsocket.getremotecertificate(unknown source) -[r7shared.jar:na]
at com.rapid7.nexpose.nse.NSEMANAGER$NSEConnection.initconnection(unknown source) [nse.jar:na]
caused by : javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated sun.security.ssl.SSLSessionImp.getpeercertifcatechain(SSLSessionImpl.java:491) ~[na:1.8.0_162_

Earlier we paired the scan engine by generating a key, and port communication is on for ports 40814 and 40815. Let us know where the issue actually persists. Configuring the agent all the time won't be a feasible solution.
Posted by rajmin panchal 8 months ago
Please list down the steps or necessary documentation after deploying the Azure Rapid7 VM Scan Engine, as I couldn't find any proper documentation at https://azuremarketplace.microsoft.com/en-us/marketplace/apps/rapid7.nexpose-scan-engine
Posted by Santhosh M 8 months ago
Hi, I have entered the required credentials, but receive errors: java.util.concurrent.ExecutionException: com.hierynomus.smbj.common.SMBRuntimeException: com.hierynomus.protocol.transport.TransportException: java.io.EOFException: EOF while reading packet Any ideas? Thanks, Sion
Posted by Sion R 8 months ago
I know we aren't the only ones with this issue; I've googled it. What is the official or unofficial fix to properly fingerprint and scan Cisco IP phones? The data is all over the place currently and they are basically useless to scan in their current state.
Posted by Matt Wyen 8 months ago
What could cause Rapid7 to detect vulnerabilities with software that does not reflect the installed version on the machine? I have zero pending patches on a few specific machines and Rapid7 is inflating their associated risk score due to version mismatches. Is there a way to get a proper scan that reflects the current versions?
Posted by Chris Newcomb 8 months ago
"https://nexpose:3780/api/3/sites/1/site_credentials" returns a list of site specific credentials as expected. "https://nexpose:3780/api/3/sites/1/site_credentials/1" returns "404 Not Found" even though the id used is valid and shown in the first returned list. Is this a bug or something simple I am missing?! Thanks
Posted by Mike 8 months ago
To start, I'd like to thank Jasey DePriest for getting me this far into the rabbit hole from the 5a0565fd82cf83001c169616 discussion post. I have the below query, and the problem I am dealing with is that if there is an owner tag I am getting duplicate entries, the second being a null. The desire is to wind up with all assets with expiring certificates and for those with a tag like Owner to show that tag, otherwise null. I built an API with PowerShell (ironically) that pulls from our inventory system and updates tags on known devices, and having this in the report will help identify what teams need to be engaged. Also, as I am no database wizard, much less with PostgreSQL, this is a query cobbled together from other queries JOIN'd to the one Jasey posted, which got me all the broken down SSL cert info pulled from one column. So any optimizations or improvements are more than welcome.

~Will

------------------------------------------------------------------------------------------------------------------

-- Asset groups used as owner tags
WITH owner_asset_tags AS (
    SELECT DISTINCT asset_group_id, name
    FROM dim_asset_group
    WHERE (lower(dim_asset_group.name) LIKE 'owner - %')
)
SELECT DISTINCT
    da.last_assessed_for_vulnerabilities AS "Last Scan Date",
    da.ip_address AS "Host IP Address",
    da.host_name AS "Hostname",
    da.mac_address AS "MAC Address",
    dos.description AS "Operating System",
    fa.scan_started AS "Last Scan Date",
    oat.name AS "Asset Group",
    json_certs.port AS "Port",
    json_certs.cert->>'ssl.cert.issuer.dn' AS "Issuer",
    json_certs.cert->>'ssl.cert.subject.dn' AS "Subject",
    json_certs.cert->>'ssl.cert.key.alg.name' AS "Algorithm",
    json_certs.cert->>'ssl.cert.sig.alg.name' AS "Algorithm Signature",
    json_certs.cert->>'ssl.cert.key.rsa.modulusBits' AS "Key Size",
    json_certs.cert->>'ssl.cert.not.valid.before' AS "Invalid Before",
    json_certs.cert->>'ssl.cert.not.valid.after' AS "Invalid After",
    (CAST(json_certs.cert->>'ssl.cert.not.valid.after' AS DATE) - CURRENT_DATE) AS "Expires In (days)"
FROM (
    -- One JSON object of ssl.cert.* attributes per asset, service and port
    SELECT asset_id, service_id, port,
           json_object_agg(name, replace(value::text, '"', '')) as cert
    FROM dim_asset_service_configuration
    WHERE lower(name) like 'ssl.cert.%'
    GROUP BY 1, 2, 3
) as json_certs
JOIN dim_asset AS da USING (asset_id)
JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id
JOIN fact_asset fa ON fa.asset_id = da.asset_id
JOIN dim_asset_group_asset daga ON daga.asset_id = da.asset_id
LEFT OUTER JOIN owner_asset_tags oat ON oat.asset_group_id = daga.asset_group_id
WHERE (cast(json_certs.cert->>'ssl.cert.not.valid.after' AS DATE) - CURRENT_TIMESTAMP <= INTERVAL '90 days')
Posted by William Pfeifer 8 months ago
Hello, Is there a custom report or SQL query that I can run to provide me with what software is EOL if available that are on all of our assets? I found a card on the dashboard "Assets Running Obsolete Software". It does not give me any info besides the OS which I already have on a different card. I have Nexpose/InsightVM. Thanks!
Posted by Randy Bruski 8 months ago