Please list down the steps or necessary documentation after deploying Azure Rapid7 VM Scan Engine. As i couldnt find any proper documentation in https://azuremarketplace.microsoft.com/en-us/marketplace/apps/rapid7.nexpose-scan-engine
Posted by Santhosh M about a year ago
Hi, I have entered the required credentials, but receive errors: java.util.concurrent.ExecutionException: com.hierynomus.smbj.common.SMBRuntimeException: com.hierynomus.protocol.transport.TransportException: java.io.EOFException: EOF while reading packet any ideas? thanks, Sion
Posted by Sion R about a year ago
I know we aren't the only ones with this issue, I've googled it. What is the official or unofficial fix to properly fingerprint and scan Cisco IP phones? the data is all over the place currently and they are basically useless to scan in its current state
Posted by Matt Wyen about a year ago
What could cause Rapid7 to detect vulnerabilities with software that does not reflect the installed version on the machine? I have zero pending patches on a few specific machines and Rapid7 is inflating their associated risk score due to version mis-matches. Is there a way to get a proper scan that reflects the current versions?
Posted by Chris Newcomb about a year ago
"https://nexpose:3780/api/3/sites/1/site_credentials" returns a list of site specific credentials as expected. "https://nexpose:3780/api/3/sites/1/site_credentials/1" returns "404 Not Found" even though the id used is valid and shown in the first returned list. Is this a bug or something simple I am missing?! Thanks
Posted by Mike about a year ago
To start I'd like to thank Jasey DePriest for getting me this far into the Rabbit hole from the 5a0565fd82cf83001c169616 discussion post. I have the below query and the problem I am dealing with is if there is an owner tag I am getting duplicate entries the second being a null. The desire is to wind up with all assets with expiring certificates and for those with a tag like Owner to show that tag otherwise null. I built an API with powershell (ironically) that pulls from our inventory system and updates tags on known devices, and having this in the report will help identify what teams need to be engaged. Also as I am no database wizard much less with PostgreSQL.. this is a query cobbled together from other queries JOIN'd to the the one Jasey posted which got me all the broken down SSL cert info pulled from one column. So any optimizations or improvements are more then welcome ~Will ------------------------------------------------------------------------------------------------------------------ WITH owner_asset_tags AS ( SELECT DISTINCT asset_group_id, name FROM dim_asset_group WHERE (lower(dim_asset_group.name) LIKE 'owner - %') ) SELECT DISTINCT da.last_assessed_for_vulnerabilities AS "Last Scan Date", da.ip_address AS "Host IP Address", da.host_name AS "Hostname", da.mac_address AS "MAC Address", dos.description AS "Operating System", fa.scan_started AS "Last Scan Date", oat.name AS "Asset Group", json_certs.port AS "Port", json_certs.cert->>'ssl.cert.issuer.dn' AS "Issuer", json_certs.cert->>'ssl.cert.subject.dn' AS "Subject", json_certs.cert->>'ssl.cert.key.alg.name' AS "Algorithm", json_certs.cert->>'ssl.cert.sig.alg.name' AS "Algorithm Signature", json_certs.cert->>'ssl.cert.key.rsa.modulusBits' AS "Key Size", json_certs.cert->>'ssl.cert.not.valid.before' AS "Invalid Before", json_certs.cert->>'ssl.cert.not.valid.after' AS "Invalid After", (CAST(json_certs.cert->>'ssl.cert.not.valid.after' AS DATE) - CURRENT_DATE) AS "Expires In (days)" FROM ( SELECT asset_id, service_id, port, json_object_agg(name, replace(value::text, '"', '')) as cert FROM dim_asset_service_configuration WHERE lower(name) like 'ssl.cert.%' GROUP BY 1, 2, 3 ) as json_certs JOIN dim_asset AS da USING (asset_id) JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id JOIN fact_asset fa ON fa.asset_id = da.asset_id JOIN dim_asset_group_asset daga ON daga.asset_id = da.asset_id LEFT OUTER JOIN owner_asset_tags oat ON oat.asset_group_id = daga.asset_group_id WHERE (cast(json_certs.cert->>'ssl.cert.not.valid.after' AS DATE) - CURRENT_TIMESTAMP <= INTERVAL '90 days')
Posted by William Pfeifer about a year ago
Hello, Is there a custom report or SQL query that I can run to provide me with what software is EOL if available that are on all of our assets? I found a card on the dashboard "Assets Running Obsolete Software". It does not give me any info besides the OS which I already have on a different card. I have Nexpose/InsightVM. Thanks!
Posted by Randy Bruski about a year ago
I have run into an issue with version 3 of the API as some of the data its not being returned "shared_credentials/{id}" is not returning the "sites" part of the answer. I am getting back "siteAssignment : specific-sites", but not the sites that are assigned. Is there anyway to get this fixed? Thanks
Posted by Mike about a year ago
If an end-point has been installed and protected by McAfee Application Control (or any other application whitelisting solutions), will InsightVM take this into account when evaluating the vulnerability status of the end-point?
Posted by Ervin Yeo about a year ago
Hi! I understand that this URL contains the list of systems/platforms which are in the vulnerability scan coverage of InsightVM. https://kb.help.rapid7.com/docs/nexpose-vulnerability-coverage What I don't understand is, why are some very commonly used products missing from the list? For example, SAP, Citrix, Documentum, Oracle, Fortinet, ...
Posted by Ervin Yeo about a year ago
Is it possible to set a default dashboard for users? Some users have access to multiple dashboards but would like to set one of the dashboards as their primary or default dashboard so that when they access dashboards, it defaults to their primary dashboard. Is this possible?
Posted by Penny Maples about a year ago
Hi, We have an issue with Nexpose Console. When I try to remove a Scan Engine from Nexpose Console (0 sites attached to it), I get the following error: 2018-08-15T10:14:54 [INFO] [Thread: http-nio-3780-exec-10=/data/engine/8/delete] AJAX Error: PreparedStatementCallback; SQL [DELETE FROM silo_scan_engines WHERE seng_id = ?]; ERROR: update or delete on table "silo_scan_engines" violates foreign key constraint "fk_dc_eid" on table "discovery_config" Detail: Key (seng_id)=(8) is still referenced from table "discovery_config".; nested exception is org.postgresql.util.PSQLException: ERROR: update or delete on table "silo_scan_engines" violates foreign key constraint "fk_dc_eid" on table "discovery_config" Detail: Key (seng_id)=(8) is still referenced from table "discovery_config". How to fix it?
Posted by Slav Silin about a year ago
Hi! I would like to know if the Insight Agent will be a 100% replacement for a InsightVM Network Scan (with admin credentials)? Or are there information which a Network Scan can find that the Insight Agent can't, and Insight Agent can find some information that a Network Scan can't? Thanks!
Posted by Ervin Yeo about a year ago