Hello, I need help with the InsightVM console. I made a backup of the Security Console and restore it in another console, but I have problems trying to open the following menus: Dashboard Projects Goals and SLAs Containers I get the following error: HTTP ERROR 401 Problem accessing / saml / SSO. Reason: Validation of protocol message signature
Posted by Albert 9 months ago
For example, I attempting to view all the logs in my set where the type field does not equal AWSAccount. An example of a logline that I would want to exclude is ```{ "eventVersion": "1.00", "userIdentity": { "type": "AWSAccount"``` My attempt ```where(type!=AWSAccount)``` does not actually filter results out. I have also tried ```where(userIdentity!=AWSAccount)``` and this doesn't work as well. Thanks in advance!
Posted by Stuart M 9 months ago
Hello, i would like to report a bug during the nexpose community license activation. After requesting a new product key (https://www.rapid7.com/info/nexpose-community/) and after installing the latest version available of nexpose community (downloaded from link suggested during licence key request), i've inserted the key received in the pop-up for activation. After this, the pop-up continues to appear telling me that the activation did not happen. Here below a snippet of ncs.sh log: 2018-12-18T06:47:16 [INFO] [Updater: Default] Patching JAR plugins/java/1/OracleLinuxRPMScanner/1/vulns.jar. 2018-12-18T06:47:17 [INFO] [Updater: Default] JAR patch applied to /opt/rapid7/nexpose/updates/scratch/updates/plugins/java/1/OracleLinuxRPMScanner/1/vulns.jar. 2018-12-18T06:47:17 [INFO] [Updater: Default] Patching JAR plugins/java/1/MozillaFirefoxScanner/1/vulns.jar. 2018-12-18T06:47:18 [INFO] [Updater: Default] JAR patch applied to /opt/rapid7/nexpose/updates/scratch/updates/plugins/java/1/MozillaFirefoxScanner/1/vulns.jar. 2018-12-18T06:47:18 [INFO] [Updater: Default] Updating file plugins/conf/exploits.xml. 2018-12-18T06:47:18 [INFO] [Updater: Default] Updating file at /opt/rapid7/nexpose/updates/scratch/updates/plugins/conf/exploits.xml. 2018-12-18T06:47:18 [INFO] [Updater: Default] Updating file plugins/conf/vuln_checks_modified.xml. 2018-12-18T06:47:18 [INFO] [Updater: Default] Updating file at /opt/rapid7/nexpose/updates/scratch/updates/plugins/conf/vuln_checks_modified.xml. 2018-12-18T06:47:18 [INFO] [Updater: Default] Updating file plugins/conf/correlation.xml. 2018-12-18T06:47:18 [INFO] [Updater: Default] Updating file at /opt/rapid7/nexpose/updates/scratch/updates/plugins/conf/correlation.xml. 2018-12-18T06:47:18 [INFO] [Updater: Default] Staging updatetable into scratch directory. 2018-12-18T06:47:18 [INFO] [Updater: Default] [Update Type: Content Only] Update ID XXXXXXX content staged successfully. 2018-12-18T06:47:20 [INFO] [Updater: Default] [Update Type: Content Only] [Started: 2018-12-18T14:41:35] [Duration: 0:05:44.313] Update completed successfully. 2018-12-18T06:47:21 [INFO] Reattempting product activation... 2018-12-18T06:47:21 [INFO] [Updater: Default] Establishing HTTP connection with updates.rapid7.com via proxy updates.rapid7.com:80. 2018-12-18T06:47:21 [WARN] [Updater: Default] [Update Type: Content Only] Unable to activate license. 2018-12-18T06:47:21 [INFO] [Updater: Default] [Update Type: Startup] Overall update status: SUCCESS. Content update completed. 2018-12-18T06:47:21 [INFO] [Updater: Default] [Update Type: Startup] Product update statistics: 0 Downloaded | 0 Approved | 0 Applied | 0 New 2018-12-18T06:47:21 [INFO] [Updater: Default] [Update Type: Startup] Content update statistics: 4 Downloaded | 0 Approved | 4 Applied | 4 New 2018-12-18T06:47:21 [INFO] [Updater: Default] [Update Type: Startup] Total new update entries: 4 2018-12-18T06:47:21 [INFO] Completed update processor initialization. 2018-12-18T06:47:21 [INFO] Generating feature set: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-features.js 2018-12-18T06:47:22 [INFO] Refreshing scan engines. 2018-12-18T06:47:22 [WARN] Not licensed for Rapid7 Hosted Scan Engine. 2018-12-18T06:47:22 [WARN] Not licensed for scan engine pool. 2018-12-18T06:47:22 [INFO] [Started: 2018-12-18T14:47:22] [Duration: 0:00:00.019] Completed refreshing scan engines. 2018-12-18T06:47:22 [INFO] Activation successful. And this is the troubleshooting report from webapp UI: http://it.tinypic.com/r/2sbttz6/9 Thank you for support.
Posted by Gino Lava 10 months ago
Hello, I need help with the InsightVM console,I made a backup and imported it into a different console,then I made the restoration of the backup, but now when I try to open the menus it shows me the following error: An error was encountered processing your request. An unexpected error occurred. See the log file more information or contact support Someone knows this is due
Posted by luis alberto 10 months ago
A file containing Key is required for offline activation of the Metasploit. It is therefore requested that the authority concerned may please be approached for provn of the same . following error is emerged while providing the in hand activation key : error : Activation Failed: Failed to open TCP connection to updates.metasploit .com:443(getaddrinfo:The requested name is valid, but no data of the requested type was found).
Posted by SUH 10 months ago
Hi Sir ! I am configuring an authentication Tab for scanning web application on NEXPOSE. Following error appears on web server (websphere) on which our application is hosted .Following error string is also shown on GUI . This happens during authentication process on NEXPOSE . Error on Nexpose: Authentication failed .Use Valid Credentials ---------------------------------Error on Websphere --------------------- SEC J0369E :Authentication Failed when using LTPA . The exception is Javax.naming .AuthenticationException [LDAP:error code 49-80090308: LDAPErr:DSID-0c0903A9] SRVE0232E: Location cannot be null in .............. SendRedirect(location). ------------------------------------end Error-----------------------------------
Posted by SUH 10 months ago
Hi I have multible NIC's on the windows server where the InsightVM is installed. How can I define what NIC InsightVM must use. Today the local engine is local host 127.0.01 and I can see that is used both NIC's in the server. So I would like to define what NIC must use.
Posted by Jacob Husted 10 months ago
We have encountered scan pause with error "Scan paused by system because the scan duration has been met" . my question is why and how this happened and what could be done to avoid such an error in future. Thanks in advance.
Posted by sandeep 10 months ago
InsightIDR For example, I attempting to view all the logs in my set where the user field is "unknown" and there is data for the account field, ie it is not blank or missing. ```where(user="unknown" AND account=*)``` The above doesn't work, it doesn't like the asterisk.
Posted by Stuart M 10 months ago
I would like to know and if possible that i can , scan my work estate with host names not Ip address , As we are scanning sub nets and i dont feel i'm getting the best result. I tottaly get anything that is on a network could pose a problem . but i would like to set up a test Host names V Ip's .. Can anyone help me with this where and how do i configure
Posted by Guerino Ianzito 10 months ago
Hello, Currently configuring InsightIDR and InsightVM solutions, we are experiencing a major bug suspicion. Using the Insight Collector to fetch all the endpoint's agent data, we are facing the following case : - Our collector communicates through a white-list proxy to get to the internet (configured in config.properties), and can’t talk directly to internet. - We have white-listed URL's : https://eu.data.insight.rapid7.com, https://eu.endpoint.ingress.rapid7.com, https://s3.eu-central-1.amazonaws.com, as mentioned in the InsightIDR documentation. - Reports from agents to InsightIDR console through the collector works well, but we have no scan result on the Nexpose console. - The collector logs keep spamming : "Failed to connect to remote: eu.bootstrap.endpoint.ingress.rapid7.com:443", so we tried to white-list this URL too, but we couldn't see it rejected by the proxy anyway. - We figured out that, very likely, the Collector use the configured proxy to get to the 3 white-listed URL’s, but not to the 4th. ---> The bug is that the Collector does not use the proxy to talk to the URL “eu.bootstrap.endpoint.ingress.rapid7.com:443”. Am I right ? Is my comprehension of Rapid7 products correct ? Is that a bug ? Thanks in advance, Maxime
Posted by MaximeL 10 months ago