We are experiencing issues after scans - for instance several of our UPS's will reboot (random, different ones after each scan), last week one of our ISE server needed to be rebooted (no one could authenticate), today our Exchange Server had to be rebooted (SMTP service stopped), etc. All of these issues were traced back to the exact time frame of the scans. So my question is, does anyone have any suggestions or advice on how to scan our infrastructure devices - maybe a different template or changing some of the options for the scan? Any advice would be greatly appreciated
Posted by David Miller 9 months ago
Hi! I was wondering: When I wanted to create an alert, I could just give one e-mail to send the alert to, but I want to send the alert to the owner of the machine of the vulnerability. Is it possible to set this? Like filling in a command or something with a variable? Thanks!
Posted by Matt 9 months ago
Hi, I have an excel sheet/ CSV file, which contains a tabular data and a set of records such as assets, sites, IP addresses, data classifications like CAT 1, CAT 2, CAT3, and CAT4. I want to import this bulk file to Nexpose and associate all attributes with the appropriate classifications (CAT1 -> CAT4). Please advise
Posted by Sandra Vladimir 9 months ago
We're trying to get Rapid7 to ingest syslog traffic from our ESXi 6.5 hosts. ESXi and all the VMware documentation I'm finding seem to want us to stick with port 514 - we've configured everything appropriately on the ESXi hosts in question and I'm able to get a successful connection (verified with nc at the ESXi console command line) but Rapid7 doesn't seem to be getting data. Where did we go wrong? Is it the port? is the default syslog data config from ESXi in need of tweaking?
Posted by Hank Kuczynski 9 months ago
Hi Admin, I am looking for a way in which I can able to get the list of patches installed on asset. For e.g Asset has been identified with some vulnerabilities and later it has been patched. First way is after applying the patches those vulnerabilities will not appear again but this is the tedious way as in this way we have to compare the report before applying of the patches and after. Is there any workaround to run a report directly and we can able to see that these are the patches applied recently. Thank!
Posted by Piyush Singh 9 months ago
I have testing the service for some time and in the process I have created some logsets. Now that i have decided to use the service i'am trying to delete the test logsets, but can't find where I do it? I have found out there is api to do it, but seems like overkill: https://insightops.help.rapid7.com/docs/delete-logset
Posted by Eric 9 months ago
We are planning to move to new Nexpose console from our old Nexpose console and I have the following questions: 1.Do we need a platform independent back up? 2.If no, should I upgrade my Ubuntu OS and then take a non platform independent backup? 3.Is upgrading OS recommended or will this break the console?
Posted by MJ 9 months ago
I purchased a public cert to be used on my Web Server sessions for phishing. Upon attempting to upload the .crt file, I received an error which read: - State cannot transition via "set launchable" - File is not valid or incomplete. Please verify that it is in PEM format, includes both the Certificate and Key in one file, and does not have a password set. "Validation failed: neither PUB key nor PRIV key: nested asn1 error" I don't understand the first error. The second error makes sense, but I don't know how to overcome it. Do I need to convert my .crt file to a different format?
Posted by Dean Turturici 9 months ago
after installing the 64bit nexpose on windows 7 , the UI seems to pop up but throws an 404 page not found error once the installation is complete. i have not configured proxy while installing , could that be the cause ?
Posted by Carol Roger Britto Durairaj 9 months ago
I use Metasploit pro and to prepare the manual, I need to have all the in depth details. I want to know what other status messages are available for "bruteforce" or "exploit". I know two statuses "Running" and "Completed". But where can i get the list of all statuses? For example, if an error occurs, what status is displayed ?
Posted by Jenis 9 months ago
Hello I am still new to SQL but have been playing around trying to build a new custom report. I can't figure out why I seem to be getting what appear to be multiples of the same lines. My query is below. SELECT ip_address as "IP Address", host_name as "Hostname", dos.description AS "OS", dv.title AS "Title", dv.date_published AS "Published", cvss_v3_score AS "Score", favi.date AS "Date_last_validated", fava.age_in_days AS "Age" FROM dim_asset da LEFT OUTER JOIN dim_operating_system dos on da.operating_system_id = dos.operating_system_id LEFT OUTER JOIN fact_asset_vulnerability_instance as favi on da.asset_id = favi.asset_id LEFT OUTER JOIN fact_asset_vulnerability_age as fava on favi.vulnerability_id = fava.vulnerability_id LEFT OUTER JOIN dim_vulnerability as dv on favi.vulnerability_id = dv.vulnerability_id WHERE dv.cvss_v3_score >= '7' AND fava.age_in_days >= '30' GROUP BY da.ip_address, host_name, dos.description, dv.title, dv.date_published, dv.cvss_v3_score, favi.date, fava.age_in_days
Posted by Robert DeBellis 9 months ago
Hi Whenever I try to link the nexpose console to the Insight platform, I receive the following error message: There is a time difference between the console and Insight Platform NTP is enabled, the correct timezone is set and the time on the console looks correct to me. Any hints on what the issue might be? Thanks in advance!
Posted by Bob Van Haute 9 months ago
My Nexpose console is hosted on Windows10 system. I am trying to conduct a scan on a Ubuntu system using SSH. However, I get the following error when I test credentials: java.net.NoRouteToHostException: No route to host: connect Can anyone please guide what is the problem here? Thank you in advance.
Posted by Shams 9 months ago
Hi. I load the module in msfconsole and try to connect using 'nexpose_connect', but I have a bug. msf > nexpose_connect NatRZ:XXXXxxDi@localhost:3780 ok [*] Connecting to Nexpose instance at localhost:3780 with username NatRZ... [-] Error while running command nexpose_connect: NexposeAPI: Action failed: java.lang.NullPointerException What am I doing wrong?
Posted by Alma 9 months ago
When selecting the SNMPv3 authentication option, there is no field to enter the "Context Name" which is required. What is the process to scan HP Printers via SNMPv3 without the ability to enter the "Context Name"?
Posted by Doug Johnston 9 months ago
I have this issue... First I follow the instructions to unlock the account: sudo -i screen -x nexpose unlock account <accountname> and receive the confirmation "Account <accountname> unlocked" Then I try the instructions to reset the password: sudo -i screen -x nexpose reset password <accountname> <newpassword> <newpassword> and receive the following error "Invalid command 'reset password <accountname> <newpassword> <newpassword>'" What is going on here?
Posted by AJ 9 months ago
I am trying to apply exceptions to asset ID on a vuln ID but I am getting the following error, Retrying the request due to undefined method `sub' for nil:NilClass. If you see this message please open an Issue on Github with the error. Retrying the request due to undefined method `sub' for nil:NilClass. If you see this message please open an Issue on Github with the error. Retrying the request due to undefined method `sub' for nil:NilClass. If you see this message please open an Issue on Github with the error. Retrying the request due to undefined method `sub' for nil:NilClass. If you see this message please open an Issue on Github with the error. Retrying the request due to undefined method `sub' for nil:NilClass. If you see this message please open an Issue on Github with the error. I, [2018-08-23T10:26:45.015942 #5052] INFO -- : Logging out of Nexpose Traceback (most recent call last): 8: from ApplyException.rb:61:in `<main>' 7: from C:/Ruby25-x64/lib/ruby/gems/2.5.0/gems/csv-1.0.1/lib/csv.rb:1191:in `foreach' 6: from C:/Ruby25-x64/lib/ruby/gems/2.5.0/gems/csv-1.0.1/lib/csv.rb:1339:in `open' 5: from C:/Ruby25-x64/lib/ruby/gems/2.5.0/gems/csv-1.0.1/lib/csv.rb:1192:in `block in foreach' 4: from C:/Ruby25-x64/lib/ruby/gems/2.5.0/gems/csv-1.0.1/lib/csv.rb:1814:in `each' 3: from ApplyException.rb:73:in `block in <main>' 2: from C:/Ruby25-x64/lib/ruby/gems/2.5.0/gems/nexpose-7.2.0/lib/nexpose/vuln_exception.rb:230:in `save' 1: from C:/Ruby25-x64/lib/ruby/gems/2.5.0/gems/nexpose-7.2.0/lib/nexpose/connection.rb:124:in `execute' C:/Ruby25-x64/lib/ruby/gems/2.5.0/gems/nexpose-7.2.0/lib/nexpose/api_request.rb:148:in `execute': NexposeAPI: Action failed: Nexpose service returned an unrecognized response: "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<Failure error-code=\"-1\">\n <Message>Error encountered, unable to fulfill request.</Message>\n <Exception>\n <Message></Message>\n <Stacktrace></Stacktrace>\n </Exception>\n</Failure>\n" (Nexpose::APIError) ## Initialize Gems require 'nexpose' require 'rubygems' require 'csv' require 'logger' require 'yaml' require 'time' require 'set' gem 'nexpose' require 'highline/import' include Nexpose ## Enable Logging so that all tags created and modified are tracked $log = Logger.new(STDOUT) $log.level = Logger::INFO ## Import credentials from the configuration file config_path = File.expand_path("../nexpose.yaml", __FILE__) config = YAML.load_file(config_path) @nx_host = config["nx_hostname"] @nx_username = config["nx_username"] @nx_password = config["nx_password"] thedate = DateTime.now ## Input CSV File that contains IPs + Vuln ID's vuln_file = 'x.csv' ## Log file to write all the exceptions default_logfile = 'ApplyException_' + thedate.strftime('%Y-%m-%d--%H%M') + '.log' ## Log File Name log_file = 'exception_asset.log' time = Time.new set_date = time.strftime("%Y%m%d-%Hh%Mm") ## Enter Credentials and URI for Nexpose connection nsc = Nexpose::Connection.from_uri(@nx_host, @nx_username, @nx_password) ## Login to Nexpose $log.info "Logging into Nexpose" nsc.login at_exit { $log.info "Logging out of Nexpose" nsc.logout } review_comments = "Auto approved by submitter." rsn = Nexpose::VulnException::Reason::ACCEPTABLE_RISK scope = Nexpose::VulnException::Scope::ALL_INSTANCES_ON_A_SPECIFIC_ASSET CSV.foreach(vuln_file, {:headers => true}) do |asset| # Skip any rows that have Empty column entries for Asset ID, Comment, Expiration Date, Vuln ID next if asset['ASSET_ID'].nil? || asset['Comment'].nil? || asset['Expiration Date'].nil? || asset['Vuln ID'].nil? # Build the exception Hash exceptionDetails = Hash.new exceptionDetails[:vuln_id] = asset['Vuln ID'] exceptionDetails[:reason] = rsn exceptionDetails[:scope] = scope exceptionDetails[:comment] = asset['Comment'] exceptionDetails[:device_id] = asset['ASSET_ID'] exception = Nexpose::VulnException.new(asset['Vuln ID'], 'All Instances on a Specific Asset', 'Acceptable Risk') exception.asset_id = asset['ASSET_ID'] exception.save(nsc, asset['Comment']) exception.update_expiration_date(nsc, asset['Expiration Date']) exception.approve(nsc, review_comments) log.puts 'Created Exception:' log.puts 'vuln_id: ' + exceptionDetails[:vuln_id] + ', ' + 'device_id: ' + exceptionDetails[:device_id].to_s + ', ' + 'reason: ' + exceptionDetails[:reason] + ', ' + 'scope: ' + exceptionDetails[:scope] + ', ' + 'comment: ' + (exceptionDetails[:comment].nil? ? '' : exceptionDetails[:comment].to_s) end
Posted by SANDEEP BATCHU 9 months ago