Can you advise on what registry keys Nexpose looks for in regards to the Meltdown/Spectre vulnerabilities? Our understanding is that to enable the software patches Microsoft has released for all three vulnerabilities, the following keys need to be set under HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management:

FeatureSettingsOverride: 0
FeatureSettingsOverrideMask: 3

However, we have found assets in our inventory that have the following keys, which according to Microsoft is to disable all the mitigations. Nexpose is not showing these assets as being vulnerable to Meltdown or Spectre:

FeatureSettingsOverride: 3
FeatureSettingsOverrideMask: 3

But Nexpose is (correctly, I believe) picking up assets that have the Spectre Variant 2 vulnerability because they have the following:

FeatureSettingsOverride: 1
FeatureSettingsOverrideMask: 3

So basically the reg keys should be 3/0. But we have assets at 3/3 that are not showing vulnerable, and I'm not sure why?
Posted by John Magnetta 8 months ago
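An added example (not part of the original post, and not Nexpose's detection logic): a small audit that parses `reg query` output for the two values named above and flags every asset whose pair is not the 0/3 the post gives for enabled mitigations. The asset names and sample output are constructed, and only the three value pairs listed in the post are interpreted; anything else is sent for manual review.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management"

# (FeatureSettingsOverride, FeatureSettingsOverrideMask) pairs as described in the post.
KNOWN_STATES = {
    (0, 3): "mitigations enabled",
    (1, 3): "Spectre Variant 2 mitigation disabled",
    (3, 3): "all mitigations disabled",
}

VALUE_RE = re.compile(
    r"^\s*(FeatureSettingsOverride(?:Mask)?)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$",
    re.MULTILINE,
)

def parse_reg_query(text):
    """Extract the two DWORD values from `reg query` output as integers."""
    return {name: int(raw, 16) for name, raw in VALUE_RE.findall(text)}

def classify(text):
    """Map one asset's registry output to a state; unknown input is never 'enabled'."""
    values = parse_reg_query(text)
    override = values.get("FeatureSettingsOverride")
    mask = values.get("FeatureSettingsOverrideMask")
    if override is None or mask is None:
        return "values missing: review manually"
    return KNOWN_STATES.get((override, mask), f"unrecognized pair {override}/{mask}: review manually")

def flag_assets(inventory):
    """Return {asset: state} for every asset not in the 'mitigations enabled' state."""
    states = {asset: classify(output) for asset, output in inventory.items()}
    return {a: s for a, s in states.items() if s != "mitigations enabled"}

def sample_output(override=None, mask=None):
    """Build constructed `reg query` output; None leaves that value out."""
    lines = [KEY]
    if override is not None:
        lines.append(f"    FeatureSettingsOverride    REG_DWORD    {override:#x}")
    if mask is not None:
        lines.append(f"    FeatureSettingsOverrideMask    REG_DWORD    {mask:#x}")
    return "\n".join(lines) + "\n"

# Constructed inventory: hypothetical asset names, not real hosts.
INVENTORY = {
    "asset-a": sample_output(0, 3),
    "asset-b": sample_output(3, 3),
    "asset-c": sample_output(1, 3),
    "asset-d": sample_output(),
}

if __name__ == "__main__":
    for asset, state in flag_assets(INVENTORY).items():
        print(f"{asset}: {state}")
```

Running it independently of the scanner gives a second source of truth for assets such as the 3/3 hosts described in the post.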
I would like to start automating full scans on newly discovered hosts and was looking to use the "Automated Actions" in Nexpose to do so. I would also like to move them to a new site to allow for more self service for reviewing scans. After reviewing this: https://blog.rapid7.com/2015/10/08/nexpose-60-new-feature-adaptive-security/, it looks like there should be an option for "Move to site and scan" however I do not see that option available to me in Nexpose. Is this option only available for certain discovery connections? Is there any way to do this with a normal discovery scan? I was successful at moving hosts to a new site with this action, however when I tried an automated action of "Scan in site" when "Known Asset available" it did not fire off a scan. I am guessing this is due to Nexpose not viewing these moved assets as assets belonging to that site until a scan is performed?
Posted by Robert DeBellis 8 months ago
Please stick/archive or move to knowledge base for others. Thank you.

Rapid7 data warehouse extraction setup

• Rapid7 data warehousing export only supports POSTGRES SQL; so install a new instance to use a staging/bucket location:
  o Download the flavor of POSTGRES you need. https://www.postgresql.org/download/
  o Install an instance calling it whatever you want. If this is done on the Rapid7 host machine, you need to make sure to adjust the port address as the Rapid7 PG instance is using the default.
  o Make note of the admin login when you set it up.
  o After the install is complete, we need to make a new database inside it. For reference: the DB was labeled as: nxp_bucket

If there is a need for UI tools, please see this link.
• https://www.pgadmin.org/download/

• In order to get the data structure and data out of Rapid7, an export must be set up:
  o Log into Rapid7 and navigate to the “Administration” section.
  o Look for “Maintenance, Storage and Troubleshooting” section.
  o Locate the “Data Warehousing” description and click “Manage”.
  o This will bring you to configuration settings.
    Place a check to: “Enable export”
    DataModel: Dimensional
    Server address: (localhost, 127.0.0.1, or name of the server)
    Server port: (whatever port was assigned when the instance was installed)
    Database name: nxp_bucket (or whatever it was labeled as)
    User & Password
    Test the connection before continuing
  o Next, select the schedule that works best.
  o Data retention was left blank.
  o Save your configuration.

• To get SSIS/SSDT packages to work (I used SQLServer2016 and MS SSDT), we need a driver and a DSN connection:
  o Download the latest driver, x64 is recommended. https://www.postgresql.org/ftp/odbc/versions/msi/
  o Run through the install.
  o Next, open up ODBC Admin.
    Start > run ODBCAD32
  o Once the ODBC Admin window is open:
    Click the SystemDSN tab
    Add new data source
    Scroll down and find “PostgreSQL Unicode” and click finish
    The next screen is the basic connection setup, all options were left default. Feel free to explore and tweak as needed.
    Test the connection before saving
  o Close the ODBC admin window.

• Now a new ODBC connection can be set up inside SSDT:
  o Open SSDT, set up a new project, and add a new SSIS package.
  o In the “Connection Managers” section of the package, right-click and add a “New Connection”.
    In the list, scroll down to “ODBC” and click add
    In the connection manager, click “New”
    On the next window, use the drop down and the system DSN that was created earlier should be listed in the drop down. Use the Postgres one and provide the login info.
    Test the connection before clicking OK.
  o You should now have a new connection to work with in the package.

• This setup exports **everything** into our staging/bucket.
• Schema documentation can be found here:
  o https://help.rapid7.com/nexpose/en-us/warehouse/warehouse-schema.html
• Using this documentation, code the package to pull as much or as little as needed.
Posted by Mark W 8 months ago
I installed the InsightVM engine on an Ubuntu 16.04 server, went to the login page via https://public-ip:3780 and was not asked to enter the license key like I was on another test I did but where I used https://localhost:3780 instead. I tried to manually navigate to https://public-ip:3780/admin/global/nsc.jsp to enter the license key, but the licensing tab doesn't have a unique URL to load that information.
Posted by Steve 8 months ago
In Nexpose I'm using the API https://hostname:port/api/3/reports to configure a report with format "csv-export". For csv format without adding filters I could observe that both vulnerable and non-vulnerable details are populated in the report. Adding "statuses" as "vulnerable" in filter options for this API is throwing an error as:

    {
      "status": 400,
      "message": "The property 'filters' must not be defined in the 'CSV Export Report' object.",
      "links": [
        {
          "href": "https://10.203.203.24:3780/api/3/reports",
          "rel": "self"
        }
      ]
    }

I feel this is a bug where we cannot add filters to csv-export. Can anyone confirm on this?
Posted by Suhas 8 months ago
Hey there, I'm a user of Kali Linux 2018.2 and I have trouble with running Metasploit/Armitage. There is always a trouble, "could not conect to database". I found a few suggestions how to fix it, but nothing worked, inclusive "postgresql". I have dual booted my Windows 10 laptop (Intel Core i7 7500U, GTX 950M, 16 GB RAM, other hardware information needed?). I'm using wifi. Is there more information that would be important? Help would be very cool!
Posted by Hans Müller 8 months ago
I was wondering if there would be a way in a template/report to not show superseded patches. Has anyone had any previous success with either running a scan or report to only show the relevant patches? The "Top Remediations" report looks to meet some of what I am looking for but seems to be missing some helpful information and is limited to a top 25. Ideally I still want to track all the vulns but provide a clean report that has only what patches need to be applied.
Posted by Robert DeBellis 8 months ago
I am trying to set up SAML authentication to InsightVM through OneLogin. Following the instructions on https://insightvm.help.rapid7.com/docs/configuring-saml-20-authentication I have created an app in OneLogin using the SAML Test Connector (IdP) and filled in the ACS (Consumer) URL, ACS (Consumer) URL Validator, and Audience fields. I added the Metadata into InsightVM and created a SAML account for a user to test with. When the user clicks the link they are taken to the login page and their email/password do not work. This is usually indicative of one of the URLs being incorrect or some other piece missing, but I am at a loss as to what is causing this.
Posted by Michael Wasserman 8 months ago
I have a system called Squared Up that I use to interface some other systems for dashboarding. I have been looking around trying to find a webapi for Insight IDR but I haven't found one. Does this exist and if not, can we get this added please? I'd like to be able to have a dashboard in my tool that displays alerts from SCOM and our Citrix Netscalers as well as display certain saved reports from IDR (AD/Exchange/Security related). This functionality would be fantastic. Otherwise, we will have an extra system to have to log into and sort through rather than being able to just use one. Thanks. Gary
Posted by Gary Jackson 8 months ago
After performing a discovery scan on two hosts, I attempt a Nexpose scan on those same hosts. The WebGUI takes me to the Imports screen. When I choose our internal nexpose server, a status bar appears on the screen. This status screen keeps moving, but never comes back. The web app essentially hangs - been stuck over 4 hours so far. Any ideas?
Posted by Jason Roberts 8 months ago
I would like to export CPE names from InsightVM. I found this in your FAQ: "SCAP Compatible XML is also a "raw XML" format that includes Common Platform Enumeration (CPE) names for fingerprinted platforms." But when I export as SCAP Compatible XML there are no CPE names. Can you help me?
Posted by Arda E 8 months ago
I would like to create a script that applies an exception to an asset group. I have noted that Ruby does not have this as a "scope" option.

    ALL_INSTANCES = 'All Instances'
    ALL_INSTANCES_ON_A_SPECIFIC_ASSET = 'All Instances on a Specific Asset'
    ALL_INSTANCES_IN_A_SPECIFIC_SITE = 'All Instances in a Specific Site'
    SPECIFIC_INSTANCE_OF_SPECIFIC_ASSET = 'Specific Instance of Specific Asset'

The API guide looks like it might:

    The type of the exception scope. One of: "Global", "Site", "Asset", "Asset Group", "Instance"

Can someone confirm that 1. the API does have this feature and 2. are there plans to add this to Ruby. To be clear, I don't want a script that looks for a dynamic asset group and applies an exception to every asset in the group. I want this applied at the asset group level.
Posted by Joseph Chapie 8 months ago
Hi there, I'm looking to produce a report showing all missing Microsoft patches - old and new naming schemes - but sorted oldest to newest. Ideally the report would have the following columns: Asset Name, Patch Name, Patch Release Date, Last Scanned. I am not particularly good with SQL to be able to accomplish this, can someone help me out?
Posted by Anton 8 months ago
I'm receiving this error when I try to upgrade Nexpose: "Update failed. Try again later or contact Technical Support.1 errors occurred during update. Detail: Update ID 961068857 is missing package or dependency. 0 downloaded. 0 approved. 0 applied. 0 total new." I'm not sure what dependency it is looking for. I am using Ubuntu.
Posted by Dustin C 8 months ago
We are attempting to deploy the Insight Agent to be used with InsightVM, we have deployed it to 5 machines and after several days our system still shows 0 machines with agents. Is there something special that has to be done after installing to work with InsightVM??
Posted by Brian Carroll 8 months ago
Hello, I have a big problem with the Metasploit database. I have upgraded my distro and installed packages and I'm now running postgresql 10. As of now, I can see the postgresql service is active. I then run msfdb init and I get this:

    A database appears to be already configured, skipping initialization

I run msfconsole but then the connection error shows up:

    Failed to connect to the database: could not connect to server: Connection refused
    Is the server running on host "localhost" (::1) and accepting TCP/IP connections on port 5432?
    could not connect to server: Connection refused
    Is the server running on host "localhost" (127.0.0.1) and accepting TCP/IP connections on port 5432?

Finally, if I type db_status I get "postgresql selected, no connection". On the forums it is written that you need to fix the postgresql file.conf, but I don't have this file, although all packages are installed. I will be very grateful if someone will help me.
Posted by Demon13 8 months ago