Hi! We automated deployment on our servers using Puppet, and would know how to proceed to automatically deploy your ir_agent knowing that we won't put it on our puppet repo (28MB it's not meant for GIT!), so the only working solution is to put it on a S3 bucket and make it available through it (wget). Did you have other solutions or advices?
Posted by Philippe Vigier 11 months ago
As DevOps I try to automate installation of AppSpider Enterprise. I've read over the Installation Guide but I can't find anything about silent installation. Do you have this option? Where I can read about this? What options I have use to configure AppSpider Enterprise? Thnak you!
Posted by Olesandr Kuznetsov 11 months ago
Hello community, I have a number of subnets that IT may populate with assets at any moment and without warning. Even though the sites have been empty for some time now, I'm wondering if I should continue to scan these empty sites, or wait until asset discovery alerts me? Wondering what other people are doing or best practise. Thanks
Posted by Martin Wensley 11 months ago
Hello, In IDR we've a user in AD being flagged as disabled account logging into cloud services. Call it jsmith (jon smith). There is an older account that is disabled he disabled was called jsmith (john smith) that (for whatever reason) was renamed from jsmith to jsmith-old. Both the UPN, SamAccountName, and other fields in AD are all renamed to jsmith-old. However, Jon Smith, the new user is still flagged as a disabled account logging into an online service. When I view the jsmith-old account in IDR it shows both the new entries of jsmith-old and the old entry for jsmith. Is there any way to remove the old entry from this account in IDR so the currently enabled user does not keep getting flagged? thank you.
Posted by Andre 11 months ago
I'm trying to edit the "Certificate Expiring in 90 days" SQL query to include the certificate's common name or better yet the cert's serial number so I can match that against the cert list from our internal Certificate Authority. I've tried a couple of changes but so far nothing's worked. The original query from the Nexpose KB is below. Anyone know how to pull the CN and serial number for each cert using this query? WITH cert_expiration_dates AS ( SELECT DISTINCT asset_id, service_id, name,value FROM dim_asset_service_configuration WHERE lower(name) LIKE '%ssl.cert.not.valid.after' ) SELECT ip_address, host_name, mac_address, ced.value FROM dim_asset JOIN cert_expiration_dates AS ced USING (asset_id) WHERE (cast(ced.value AS DATE) - CURRENT_TIMESTAMP <= INTERVAL '90 days') AND (cast(ced.value AS DATE) - CURRENT_TIMESTAMP > INTERVAL '0 days')
Posted by Doug Schaible 11 months ago
Hi, I am a Fastly customer, and they have built-in support for Logentries logging. However, when I try to create a new Logentries account this is redirected to Rapid7 instead. - Does Rapid7 receive logs which are directed to Logentries? Or does it have a different endpoint? - Is Fastly integration still working? - Is there a Knowledge Base article or any documentation explaining the connectivity/non-connectivity in between logentries.com and rapid7.com? - Is there a Knowledge Base article or documentation for Fastly customers? Thanks, Sam
Posted by Sam Darwin 11 months ago
Has anyone had success deploying the Insight Agent via SCCM. I am experiencing issues while trying to install from the script that was provided on the site. When using a simple script locally on workstations, the install seems to fail. When looking at the log, there is nothing that stands out to me. The scripts used are below: msiexec.exe /i agentinstaller-x86_x64.msi /qn msiexec.exe /i agentinstaller-x86_x64.msi /quiet msiexec.exe /i agentinstaller-x86_x64.msi /L*V "C:\temp\rapid7.log" /qn /norestart The output from the log file is below: === Verbose logging started: 4/30/2018 10:11:27 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\WINDOWS\system32\msiexec.exe === MSI (c) (FC:FC) [10:11:27:137]: Resetting cached policy values MSI (c) (FC:FC) [10:11:27:137]: Machine policy value 'Debug' is 0 MSI (c) (FC:FC) [10:11:27:137]: ******* RunEngine: ******* Product: agentinstaller-x86_x64.msi ******* Action: ******* CommandLine: ********** MSI (c) (FC:FC) [10:11:27:138]: Client-side and UI is none or basic: Running entire install on the server. MSI (c) (FC:FC) [10:11:27:138]: Grabbed execution mutex. MSI (c) (FC:FC) [10:11:27:169]: Cloaking enabled. MSI (c) (FC:FC) [10:11:27:169]: Attempting to enable all disabled privileges before calling Install on Server MSI (c) (FC:FC) [10:11:27:170]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (s) (28:84) [10:11:27:179]: Running installation inside multi-package transaction C:\Users\jmmiller\Desktop\Rapid7\agentinstaller-x86_x64.msi MSI (s) (28:84) [10:11:27:179]: Grabbed execution mutex. MSI (s) (28:B0) [10:11:27:182]: Resetting cached policy values MSI (s) (28:B0) [10:11:27:182]: Machine policy value 'Debug' is 0 MSI (s) (28:B0) [10:11:27:182]: ******* RunEngine: ******* Product: C:\Users\jmmiller\Desktop\Rapid7\agentinstaller-x86_x64.msi ******* Action: ******* CommandLine: ********** MSI (s) (28:B0) [10:11:27:183]: Note: 1: 2203 2: C:\Users\jmmiller\Desktop\Rapid7\agentinstaller-x86_x64.msi 3: -2147287038 MSI (s) (28:B0) [10:11:27:184]: MainEngineThread is returning 2 MSI (s) (28:84) [10:11:27:188]: User policy value 'DisableRollback' is 0 MSI (s) (28:84) [10:11:27:188]: Machine policy value 'DisableRollback' is 0 MSI (s) (28:84) [10:11:27:188]: Incrementing counter to disable shutdown. Counter after increment: 0 MSI (s) (28:84) [10:11:27:188]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (28:84) [10:11:27:189]: Note: 1: 1402 2: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Rollback\Scripts 3: 2 MSI (s) (28:84) [10:11:27:189]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (FC:FC) [10:11:27:190]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1 MSI (c) (FC:FC) [10:11:27:191]: MainEngineThread is returning 2 === Verbose logging stopped: 4/30/2018 10:11:27 ===
Posted by Jeff Miller 11 months ago
hey guys, I am having a major issue getting nexpose to run. I keep getting the error of: Critical error during initialization: Could not get JDBC Connection; nested exception is org.postgresql.util.PSQLException: FATAL: the database system is in recovery mode When I manually start with ./nsc.sh I get this. 2018-04-26T12:50:39 [INFO] Initializing console... 2018-04-26T12:50:39 [INFO] Product Version: 6.5.16 2018-04-26T12:50:39 [INFO] Current directory: /opt/rapid7/nexpose/nsc 2018-04-26T12:50:39 [INFO] User name: root 2018-04-26T12:50:39 [INFO] Super user: Yes 2018-04-26T12:50:39 [INFO] Computer name: kevin-Aspire-A517-51G 2018-04-26T12:50:39 [INFO] Host Address: 127.0.1.1 2018-04-26T12:50:39 [INFO] Host FQDN: kevin-Aspire-A517-51G 2018-04-26T12:50:39 [INFO] Operating system: Ubuntu Linux 17.10 2018-04-26T12:50:39 [INFO] CPU speed: 3175MHz 2018-04-26T12:50:39 [INFO] Number of CPUs: 8 2018-04-26T12:50:39 [INFO] Total memory: 11.6 GB 2018-04-26T12:50:39 [INFO] Available memory: 508.8 MB 2018-04-26T12:50:39 [INFO] Total disk space: 456.4 GB 2018-04-26T12:50:39 [INFO] Available disk space: 169.1 GB 2018-04-26T12:50:39 [INFO] Disk space used by installation: 1.5 GB 2018-04-26T12:50:39 [INFO] Disk space used by scans: 0 bytes 2018-04-26T12:50:39 [INFO] Disk space used by database: 68.4 MB 2018-04-26T12:50:39 [INFO] Disk space used by reports: 0 bytes 2018-04-26T12:50:39 [INFO] Disk space used by backups: 0 bytes 2018-04-26T12:50:39 [INFO] JVM name: OpenJDK 64-Bit Server VM 2018-04-26T12:50:39 [INFO] JVM vendor: Azul Systems, Inc. 2018-04-26T12:50:39 [INFO] JVM version: 25.162-b01 2018-04-26T12:50:39 [INFO] JVM started: 2018-04-26 19:50 GMT 2018-04-26T12:50:39 [INFO] Running interactively under super-user: root. 2018-04-26T12:50:39 [WARN] System is running low on memory: 11883MB total (508MB free) 2018-04-26T12:50:39 [INFO] Initializing JDBC drivers. 2018-04-26T12:50:39 [INFO] Loading configuration... 2018-04-26T12:50:39 [INFO] Initializing license manager... 2018-04-26T12:50:40 [WARN] No valid licenses were found. This will prevent site modification and the running of scans. 2018-04-26T12:50:40 [INFO] Initializing maintenance manager... 2018-04-26T12:50:40 [INFO] Renamed /opt/rapid7/nexpose/nsc/maintenance.xml to /opt/rapid7/nexpose/nsc/maintenance.bak 2018-04-26T12:50:40 [INFO] Initializing crypto subsystem... 2018-04-26T12:50:40 [INFO] Initializing plugins... 2018-04-26T12:50:40 [INFO] Initializing authentication services... 2018-04-26T12:50:40 [INFO] Initializing web server... 2018-04-26T12:50:40 [INFO] Configuring web server. 2018-04-26T12:50:40 [INFO] Generating skin: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-skin.js 2018-04-26T12:50:40 [INFO] Generating feature set: /opt/rapid7/nexpose/nsc/htroot/scripts/nexpose-features.js 2018-04-26T12:50:40 [INFO] Context loader config file is jar:file:/opt/rapid7/nexpose/nsc/lib/nsc.jar!/META-INF/context.xml 2018-04-26T12:50:40 [INFO] Initializing ProtocolHandler ["http-nio-3780"] 2018-04-26T12:50:40 [ERROR] Failed to initialize end point associated with ProtocolHandler ["http-nio-3780"] 2018-04-26T12:50:40 [ERROR] Failed to initialize connector [Connector[HTTP/1.1-3780]] 2018-04-26T12:50:40 [ERROR] A critical error occured during initialization 2018-04-26T12:50:40 [INFO] Adding maintenance task NexposeRecovery 2018-04-26T12:50:40 [INFO] Reinitializing web server for maintenance mode... 2018-04-26T12:50:40 [INFO] Stopping ProtocolHandler ["http-nio-3780"] 2018-04-26T12:50:40 [INFO] Destroying ProtocolHandler ["http-nio-3780"] 2018-04-26T12:50:40 [INFO] Accepting web server logins. 2018-04-26T12:50:40 [INFO] Found a pending maintenance task: NexposeRecovery 2018-04-26T12:50:40 [INFO] Entering maintenance mode, only administrator logins permitted. 2018-04-26T12:50:40 [INFO] Maintenance Task Started 2018-04-26T12:50:40 [INFO] Accepting console commands. > 2018-04-26T12:50:40 [ERROR] Error during server initialization. 2018-04-26T12:50:40 [INFO] Shutting down immediately 2018-04-26T12:50:40 [WARN] Error stopping quartz schedulers. 2018-04-26T12:50:40 [INFO] Shutting down web server... 2018-04-26T12:50:40 [INFO] Pausing ProtocolHandler ["http-nio-3780"] 2018-04-26T12:50:40 [INFO] Stopping service Tomcat 2018-04-26T12:50:40 [ERROR] Problem shutting down Tomcat 2018-04-26T12:50:40 [INFO] Web server stopped 2018-04-26T12:50:40 [INFO] removing scheduled risk and history updater jobs 2018-04-26T12:50:40 [INFO] Shutting down extension manager 2018-04-26T12:50:40 [INFO] Extension manager shutdown successful. 2018-04-26T12:50:40 [INFO] Shutting down config manager 2018-04-26T12:50:40 [INFO] Shutting down crypto system 2018-04-26T12:50:40 [WARN] Error stopping connection scheduler. 2018-04-26T12:50:40 [INFO] Shutting down daemon manager 2018-04-26T12:50:40 [WARN] Error shutting down database. 2018-04-26T12:50:40 [INFO] Shutting down command console 2018-04-26T12:50:40 [INFO] Shutting down web server... NeXpose security console exited with code 0 What is going wrong here? Thanks!
Posted by Kevin Humphrey 12 months ago
I have installed Nexpose in a VM and scanned few hosts but it only shows 1 or 2 vulnerabilities. I have switched off the windows firewall in my VM and host machines. They are in the same network. I have performed a full audit without web scan. What might be the issue here. All the hosts have connection with the console and I can telnet to the ports too.
Posted by Gamunu Panamaldeniya 12 months ago
Hi Support, We're measuring vulnerability metrics each week via a 'New and Remediated' vulnerability report (sql query found in rapid7 help). Unfortunately, the report does not report off the number of instances each of the vulnerabilities occur. Question - Is there a way to filter via date or run a historical report based on the Vulnerabilities (the section where there's Vulnerability Charts, Vuln by CVSS Score - pie graph area). What I'm looking for is Total Outstanding vulnerabilities breaking it down week by week. Any tips and tricks will be greatly appreciated. Thank you!
Posted by Romel Edrada 12 months ago
We have noticed cases where Microsoft patch is installed but Nexpose is still reporting on the vulnerability. Some times the patch was superseded and Nexpose still look for the previous KB. Here are some examples. I wonder if there is any fix for this because it's really causing a lot of noise on the reports. 1- CVE-2017-11882 : KB4011276 was installed but Nexpose still show this as vulnerable and ask for KB4011604. Microsoft said if you have KB4011276 there is no action needed but Nexpose is not reflecting that 2-MS14-066: installed KB2992611 on windows server 2012 but Nexpose still reporting on it
Posted by Maiash about a year ago
Customer wants to select a vulnerability (with all assets that have it) and send it for remediation as ticket of some sort with all description, proof and vulnerability solution. How to auto delete assets that have been reinstalled or permanently shut down ?
Posted by Nikolajs Matjusenko about a year ago
I'm trying to create my first scan. The first page of scan configuration asks for URLs I want to scan. I pasted one in and immediately saw red text telling me that I would first need to add something to the "starting URLs" list. But I don't see anything in the UI or menus called "starting URLs list" and I don't find any mention of a "starting URLs list" in the user guide (I'm looking here: https://www.rapid7.com/docs/download/AppSpider_Pro_User_Guide_-_3-6-17.pdf)
Posted by Brian about a year ago