Hi all, I am having an issue with Nexpose APIv3. I have a problem with acceptance of JSON request on server side. On the other hand GET is working fine. The content of my JSON file is below. I am calling API by path "https://nexpose.mydomain.com:3780/api/3/sites", based on your documentation here https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createSite but I am still getting *HTTP Error 400: Bad Request*. So, I guess there is some mistake in my JSON file. According to documentation there is only one required parameter "name". I would really appreciate if you can help me with this. What is probably missing or wrong in my JSON file? Is there any standard which must be used for JSON data such as RFC 4627, RFC 7159, ECMA-404? Thank you very much! Jan ##JSON file post_sites.json { "description":"testing-site", "engineId":"", "importance":"normal", "links":[ { "href":"", "rel":"" } ], "name":"my-first-site", "scan":{ "assets":{ "excludedAssetGroups":{ "assetGroupIDs":[ 0 ], "links":[ { "href":"", "rel":"" } ] }, "excludedTargets":{ "addresses":[ "string" ], "links":[ { "href":"", "rel":"" } ] }, "includedAssetGroups":{ "assetGroupIDs":[ 0 ], "links":[ { "href":"", "rel":"" } ] }, "includedTargets":{ "addresses":[ "string" ], "links":[ { "href":"", "rel":"" } ] } }, "connection":{ "id":"" } }, "scanTemplateId":"testing-template" }
Posted by Jan Stangler 10 months ago
Looking for help on a SQL query. I am looking to get a count of critical, severe and moderate vulns on an asset as well as total vulns. I have been successful with the getting the count of total vulns with a simple count vulnerability_id from dim_vulnerability however the severity is a problem. Since the severity is stores in dim_vulnerability table severity I can not find a way to break out a count of each specific criticality. Below is my attempt at a SQL query but I feel like it may be way too jacked up for fixing. WITH critical_vuln_count AS ( SELECT COUNT dv.severity FROM fact_asset_date('2018-09-01', current_date, INTERVAL '1 year')fad LEFT OUTER JOIN dim_asset as da on fad.asset_id = da.asset_id LEFT OUTER JOIN fact_asset_vulnerability_age as fava on fava.asset_id = da.asset_id LEFT OUTER JOIN dim_vulnerability as dv on dv.vulnerability_id = fava.vulnerability_id WHERE now() - dv.date_published > INTERVAL '30 days' AND dv.severity = 'Critcal' ) SELECT da.ip_address as "IP Address", da.host_name as "Host Name", dos.description AS "Operating System", fad.day as "Date of Summary", COUNT (dv.title) as "Total_Vulnerabilities", cvc.critical_vuln_count FROM fact_asset_date('2018-09-01', current_date, INTERVAL '1 year')fad LEFT OUTER JOIN dim_asset as da on fad.asset_id = da.asset_id LEFT OUTER JOIN dim_operating_system as dos on da.operating_system_id = dos.operating_system_id LEFT OUTER JOIN fact_asset_vulnerability_age as fava on fava.asset_id = da.asset_id LEFT OUTER JOIN dim_vulnerability as dv on dv.vulnerability_id = fava.vulnerability_id LEFT OUTER JOIN critical_vuln_count as cvc using (severity) WHERE now() - dv.date_published > INTERVAL '30 days' GROUP BY "IP Address", "Host Name", "Operating System", "Date of Summary", "critical_vuln_count" I know that there is a table that naturally has this data but in my experience it looks like those are raw values and and are not subject to where parameters such as date published > 30 days.
Posted by Robert DeBellis 10 months ago
Hi, I am currently running Rapid7 on a windows 10 VM, and was using the scanner fine until recently when the application starts up in maintenance mode with no changes in progress. It showed the following message : Critical error during initialization: PreparedStatementCallback; bad SQL grammar [SELECT licmod_id, licmod_name FROM nxadmin.lic_modules]; nested exception is org.postgresql.util.PSQLException: ERROR: relation "nxadmin.lic_modules" does not exist Position: 45 I dont seem to be able to find a solution. Please help !
Posted by Jeff Sng 10 months ago
Hi, I am working with the Community Version. In the Scan Report I see that there was a identification for 112 Vuls, but in the console I can not see any results. The scan Template is "Full audit without Web Spider". What can I do to see the vulnerabilities? Or is that a problem with the community license? S.
Posted by S. 10 months ago
The "New Discovery Connection" form is missing the Azure Connection Type from the drop down. It has an error upon page load "Failed to get integration connection types: Not Found" https://topf5.com/2RuSJbB I've been following this documentation: https://nexpose.help.rapid7.com/docs/creating-and-managing-dynamic-discovery-connections#section-adding-a-microsoft-azure-connection I've already run the "update now" from the "screen -r nexpose" session and that didn't fix it.
Posted by Adam Cloud 10 months ago
I have just installed RAPID7 VM for console in azure using azure market place. I am trying to login to teh nexpose console via chrome browser like https://<ipaddress>:3780. I am not able to connect to the web console. It says site cannot be reached. Port 3780 is open for anywhere.
Posted by rajith 10 months ago
Hello, is it possible for InsightVM to highlight vulnerability trends for a "individual vulnerability"? What do I mean? After a remediation has been applied, there should be a statistical review to indicate a increase or decrease based on the specific vulnerability.
Posted by Delano Sinclair 10 months ago
When I scan the assets (already shown at the credentials testing ), the result is 0 assets and 0 vulnerabilities, of course, with that messageat Scan Status: Failed (java.io.IOException: The Nmap exit value is not zero: -1073741819at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source)at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source)at com.rapid7.nexpose.scan.Scan.start(Unknown Source)at com.rapid7.nexpose.scan.Scan.run(Unknown Source)at java.lang.Thread.run(Thread.java:748) ) What I made wrong? Thanks.
Posted by Ionel Mirzac 10 months ago
Hello guys, My question is about the duration of the webscan. How long does it take "normally" to take a scan of a web? I have to run the scan aproximately to a 58 websites and i splitted it in three scan. 1 scan: 20 webs 2 scan: 20 webs 3 scan: 18 webs I run the first one and i had to stop it after 4-5 hours because it was telling me that the duration was 2-3 days aproximately and i think that's crazy. Same when i tried with the second one. Maybe i'm doing something wrong when i'm setting up the scans but anyway i couldn't find anywhere a guide or something to how to deploy scans correctly. (I read the user guide and didn't help...does not explain real cases for example) Can someone help me? Thank you in advance
Posted by Pedro Pablo Mula 10 months ago
What is the best practice for deleting a remediation project that has automated ticketing enabled? Remediation projects have been created with automated tickets in ServiceNow but the ServiceNow Incident is missing information designated for the additional comments field. I would like to delete the tickets and the remediation projects to recreate them. What's the best practice for doing this?
Posted by Penny Maples 10 months ago
Hi, I am running metaspoilt on Fedora Linux 27. I am able to use non root user to run msfconsole and connect to msf database. But when try to do port scan, I have the following errors. msf > use auxiliary/scanner/portscan/syn msf auxiliary(scanner/portscan/syn) > run SIOCSIFFLAGS: Operation not permitted [-] Auxiliary failed: RuntimeError enp5s0: You don't have permission to capture on that device (socket: Operation not permitted) [-] Call stack: [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/capture.rb:124:in `open_live' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/exploit/capture.rb:124:in `open_pcap' [-] /opt/metasploit-framework/embedded/framework/modules/auxiliary/scanner/portscan/syn.rb:58:in `run_batch' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/auxiliary/scanner.rb:215:in `block in run' [-] /opt/metasploit-framework/embedded/framework/lib/msf/core/thread_manager.rb:100:in `block in spawn' [*] Auxiliary module execution completed When I use root to do msfconsole or from non root user to do sudo msfconsole, it is unable to connect to database msf > db_status [*] postgresql selected, no connection I was clueless how to solve the error, really appreciate someone that can help? Thank you
Posted by JT Lai 10 months ago
Wanted to remove some static sites in favor of dynamic sites - Created connections to our vSphere - created the sites using the new vSphere connections to discover the assets - deleted the old static sites - all the data seems to be unaffected except from the Trends Report which only shows about the last month's worth of data - anyone have any idea's?
Posted by David Miller 10 months ago
I have installed Rapid7 in ubuntu in one of the machine. I am trying to login via web browser from different machine like https://<public ip address of the installed machine> :3780/ Port 3780 is open but still I am unable to open the URL. It says This site can’t be reached
Posted by rajith 10 months ago
Hi, We want to make the pre-authorized scanner immutable in AWS and wondering if you can call the API to generate a shared secret so we can deploy the scanners via Terraform. We don't want to use VPC peering as this is viewed as a security risk should the main account get compromised, they'd have access to all of our other accounts. Thanks, James
Posted by James Boothby 11 months ago
I have install Metasplot pro with trial key. And after I launch console it write to me: Warning! The following modules could not be loaded! C:/metasploit/apps/pro/vendor/bundle/rudy/2.3.0/gems/metasplot-framework-4.17.11/modules/auxiliary/dos/smb/smb_loris.rb: Msf::Modules::Error Failed to load module <dos/smb/smb_loris from C:/metasploit/apps/pro/vendor/bundle/rudy/2.3.0/gems/metasplot-framework-4.17.11/modules/auxiliary/dos/smb/smb_loris.rb> due to Invalid module <no MetasplotModule class or module name> But i have file in the following folder with following name! Any solutions?
Posted by Fozzy 11 months ago