Hi everyone, I tried several times to use NeXpose but I am stuck at the WebUI which is loading indefinitely. I just have the dashboard and I can't click anywhere. It's "loading sites/scans/groups" but I have nothing since it's the first time I use NeXpose. I have followed the installation guide and selected both scan engine and security console to be installed. I cannot find any errors in the logs. The only weird things is that: - sudo systemctl start nexposeconsole is OK - sudo systemctl start nexposeconsole is KO sudo systemctl start nexposeengine Failed to start nexposeengine.service: Unit nexposeengine.service not found. That is the only clue I have... Someone has faced a similar issue? Best regards, C-137
Posted by gabriel corre about a month ago
Hi, I am in the process of migrating our current scanning solution to InsightVM. In our present system, we use attributes such as - KNOWNAS\SERVERA - This field is in case the server name is not captured Device Function - Function of the server. I planned to use custom tags for this, is there anyway bulk update servers with individual tags? Thanks
Posted by Bruce Taylor about a month ago
Our Exchange admin has a concern regarding high CPU utilization for WinPrvSE.exe *32. I couldn't find anything in the documentation that the Nexpose scanning engines would affect this but, I need to confirm to rule it out as there are several possible causes for high CPU load for this. Im 99% sure its not caused by our scanning, just want anyone else's opinion
Posted by kevin Lowrie about a month ago
Using the pre-built RESTRICTED ASSET AUTHENTICATION - NEW USER alert. I want to make a custom alert that will only notify on Interactive logins. How would I go about getting this setup in IDR? Kind regards,
Posted by Alan Ngo about a month ago
We are scanning K8s nodes using the agent to detect container usage. It turns out that the churn of hosts in the QA environment is causing my licensed endpoint count to inflate. At any one time, I have about 200 nodes, however I have thousands in my agent counts. Can I do something on the host during tear down to tell Rapid7 that agent is going away?
Posted by ekelson about a month ago
I'm doing my first scan and I'm getting an error in the log that says: 2019-07-11T20:54:15 [WARN] [Thread: Scan 4] [Site: Test Site 1] XML protocol fingerprint is not schema compliant: javax.xml.stream.XMLStreamException: org.xml.sax.SAXParseException; lineNumber: 12; columnNumber: 42; cvc-complex-type.4: Attribute 'value' must appear on element 'Param'. It dies after that. I'm only scanning a single host. This is on Windows 10, on a workstation connected to the same LAN as the host in question. In the console, the final error is: Failed (java.io.IOException: The Nmap exit value is not zero: -1073741819 at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source) at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source) at com.rapid7.nexpose.scan.Scan.start(Unknown Source) at com.rapid7.nexpose.scan.Scan.run(Unknown Source) at java.lang.Thread.run(Thread.java:748) )
Posted by Tim Dressel about a month ago
Hi, For some reason i dont get the right reports when i scan machines for CIS policy compliance. For example the Windows Server 2016 Level one member server. The scan is a succes, but when i generate a report, it does not show the right output. It shows compliance rules for RHEL 6 and 7, while they are defently not selected? Any suggestions would be nice. Thanks!
Posted by ymen about a month ago
I'm trying to create a Powershell script to login to and logout of a Nexpose connection using the Restful API V3 but I'm struggling with the credentials (always get 401 which eventually locks me out of the console). The script will have to run automatically so interactive login is no good. Does anyone have a working Powershell script so that I can see how to get it working?
Posted by Peter McGranaghan about a month ago
Has anyone successfully implemented dynamic discovery either through LDAP or DHCP? LDAP appears to be limited in scope since it required a connection for each OU and DHCP does not seem to be working under "directory watch" or "syslog".
Posted by marcos marcal about a month ago
Hi, I am faced with this conundrum where Vormetric (LSOF utility) is blocking Rapid7 agents installed on our mysql servers. This tends to generate a lot of noise and has forced us to disable the agents on the servers. However, we need to have these agents running to scan for vulnerabilities. Is there a way to configure the agents to ignore accessing specific directories/filesystems? Has anyone come across is this issue and how was it resolved? Eagerly anticipating help. Cheers, Michael
Posted by Michael Damanka about a month ago
Hello, the contents update not work sometimes despite connecting the Internet. Telnet to updates.rapid7.com (both port 80 and 443) is succeed . Every time this issue occurs, I ask support team to reset the license update history or reset the license. I feel this issue seems to be occured after using nexpose / insightVM in an offline environment for a long time (several weeks). Could it be that this is related to the update issue? Is there any similar cases? Thank you for your co-operation.
Posted by Keita Takahashi about a month ago
I am trying to scan one ip that toggles between mac person and windows person. In Qualys they use to be able to scan the one IP with mac image when that was done then handed off to another upload windows image scan that one, then leave ip alone till they needed it again. Is it possible to do that authenticated scan for this or even basic scan(non authenticated)???/
Posted by Vanessa villalpando about a month ago
Hi, Microsoft recommends deploying primarily the latest patches or the supersedence once available for each patch. If the top 25 or 50 reports presents a set of remediation's required for mitigation, why does InsightVM fail identify the latest applied patch, as compliant to mitigate all the vulnerabilities within a environment? What it expects is the application of all, (let's say "20") OS patches to remediate the defined vulnerabilities, even if the required patch based on the report, is superseded.
Posted by Delano Sinclair about a month ago