I would like to set up credentialed scans using InsightVM to scan our networking devices such as routers, switches, firewalls, etc. I was wondering if anyone would happen to know what show commands are ran on these devices when checking for vulnerabilities.
Posted by Amanda Marczak 16 days ago
Hello, I am trying to run a scan and it is not picking up the IP addresses I have specified or reporting on any vulnerabilities. The scan completes successfully without any asset or vulnerability showing. I tried pinging the IP addresses from nexpose and they are reachable. Kindly assist, as this is urgent.
Posted by Veronica 17 days ago
A routine backup maintenance initiated a restart, but did not complete the restart which produced a hung state. The last few log logs and then the error line: [INFO] [Thread: CPU Memory monitor] The CPU and memory monitor thread was interrupted : sleep interrupted. [INFO] [Thread: Security Console Restart] Shutting down. [INFO] [Thread: Security Console Restart] Shutting down scan manager. [INFO] [Thread: Security Console Restart] Shutting down local scan engine. [ERROR] [Thread: Security Console Restart] Engine update thread pool still running. After that are Java exceptions on a 10 minute interval: Caused by: java.lang.ClassNotFoundException: Illegal access: this web application instance has been stopped already. Could not load [com.rapid7.nex.domain.user.RequestUserProvider]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access. Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.rapid7.nex.system.user.IRequestUserProvider com.rapid7.nexpose.nsc.web.config.DatabaseConfig.m_requestUserProvider; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [com.rapid7.nex.domain.user.RequestUserProvider] for bean with name 'requestUserProvider' defined in URL [jar:file:/opt/rapid7/nexpose/shared/lib/managed/domain-13.0.1.jar!/com/rapid7/nex/domain/user/RequestUserProvider.class]; nested exception is java.lang.ClassNotFoundException: Illegal access: this web application instance has been stopped already. Could not load [com.rapid7.nex.domain.user.RequestUserProvider]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access. Any insight into how/why this occurred and how to prevent?
Posted by William Shoemaker 18 days ago
Is it possible to view within Rapid7 if recommended patches have been superceeded by a different patch, and for whatever reason Nexpose has not yet been updated with this information? For example a couple of our servers this week came up with hits, and the recommended patch has been superceeded by a newer oner. Our DBs verified this via Oracle.
Posted by Russ Davis 20 days ago
I have an asset that was scanned, at one point it was using credentials, and when i recently tried to scan again it didn't use any credentials or creds are "unknown"; I have the same creds in the shared global page as they were before. Usually if they are expired it will say "failed credentials" anyone else experience this issue?
Posted by Vanessa villalpando 22 days ago
Is there any way to know what it is scanning, when it scans, and can you run a manual scan? Trying to see if the remediation makes a difference on remote systems, but not seeing updates in the console for a long time. Wondering if there is a way to get a scan done manually? What about remotely starting the agent? Would that kick off a scan?
Posted by Kerry LeBlanc 23 days ago
They have all access to the sites, assets and have ability to create reports. Dashboard has been shared, but the users cannot see it when they log in. Under 'shared with me' there are no dashboards listed, even the dashboard creator and owner shared it with them.
Posted by Kerry LeBlanc 27 days ago
Hello all, I am new to Nexpose and I am tasked with writing what should be a very easy sql query but not getting good results with it. I am trying to run a query on ALL assets with a Orcale products running on them. To further that i also need the version of the Oracle software. So far my sql queries are not pulling any data. Can anyone suggest a starting point? currently am using this sql query but it's returning no restults when I plug in Oracle SELECT da.ip_address, da.host_name, ds.vendor, ds.name as software_name, ds.family, ds.version FROM dim_asset_software das JOIN dim_software ds using (software_id) JOIN dim_asset da on da.asset_id = das.asset_id WHERE ds.name like'%Oracle' and ds.version <= '(Version you're looking for)'
Posted by James Palmer 28 days ago
My organization finally shifted to mandating that systems get vulnerability scans as part of the system development process and that all critical and high vulnerabilities be remediated before they go to production. A small VM team makes keeping up with all of these host scans extremely time-consuming. Has anyone here had any success rolling out a "Self-Service" scan for sysads to conduct on their own host scans. Ideally, VM would only have to step in to verify that remediations were conducted. Thank you!
Posted by Brandon B 28 days ago
In Nexpose, I have a several examples of assets that show X number of vulnerabilities when you look at a scan, but when you click on the asset or view the asset listed in a group, you see a number of vulnerabilities from a previous scan. It appears as though the asset is not updating with the most current scan data. Has anyone else experienced this?
Posted by Travis Crotteau 28 days ago
Hello, Running Nexpose against the Nexpose console, I get back: TLS Server Supports TLS version 1.0 TLS/SSL Server is enabling the BEAST attack Diffie-Hellman group smaller than 2048 bits TLS Server Supports TLS version 1.1 TLS/SSL Server Is Using Commonly Used Prime Numbers How can I remediate these?
Posted by Noah Birnel 29 days ago
Any tips to making the feature work? I've followed the guides below and still cannot get the assets the populate. https://insightvm.help.rapid7.com/docs/initiating-dynamic-discovery https://nexpose.help.rapid7.com/docs/discovering-microsoft-azure-instances
Posted by Patrick wade 29 days ago
COnfigured Appsider to use LDAP, new people are put into a client that has no rights or targets. Sheepishly I admit the entire team forgets how to move people out of the client into their proper client, can't find it in the documentation anywhere. It certainly isn't obvious. Reference: https://appspider.help.rapid7.com/docs/connecting-to-an-ldap-directory-server
Posted by Al Wilson about a month ago
I am trying to setup a side by side comparison with our current logging solution. I am unable to update log4net to the latest version (2.0.8) without breaking our current solution. This page https://docs.logentries.com/docs/log4net has slightly different instructions form this page https://insightops.help.rapid7.com/docs/log4net If I use the R7Insight.Log4net then logging to Insight Ops works but breaks our current solution, using logentries.log4net does not work for Insight Ops but our current solution does work. The R7Insights package requires log4net 2.0.8. Is there a way to use the logentries.log4net package to send logs to Insight Ops?
Posted by Nathanael Ness about a month ago
Hi, When I create a custom campaign on metasploit pro, Adding a USB Key with the default name clickme.exe, when I launch the campaign and double click on clickme.exe, nothing happens and findings doesn't show if I ran that file like how a phishing campaign works. What am I missing here?
Posted by Mike Nia about a month ago