I'm using python to connect to InsightVM API v3 to retrieve information. Why does it only return 10 record? how can I retrieve all records? data = requests.get('https://insightvm.xyz.com:3780/api/3/sites',auth=HTTPBasicAuth('UID','password'))
Posted by Simon Tran about a month ago
We did a mass deployment of the insight agent, but none of the machines are checking in. I checked a few logs and show there was proxy error, and the client is stopped and will not start. How do we get the client started on the machines? I believe I may have resolved the proxy error.
Posted by Aaron Couts about a month ago
I am using Nexpose Enterprise Edition and scanning windows servers 2008, 2012 and 2016. I am not able to perform successful scanning and DCE Authentication failure on port 135 occurs. However port 139 and 445 in some cases returns me with credential success output. Kindly guide.
Posted by Michael Quarshie about a month ago
Hi, I'm struggling with Nexpose API in Powershell. Currently dealing with included_targets. I'm able to GET them with no problem so my PS script works. But I can't manage to create the proper string array while I'm doing PUT to /sites/#/included_targets. I've tried many ways but I'm still getting 400 or 415 responses from the Nexpose server. https://help.rapid7.com/insightvm/en-us/api/index.html#operation/updateIncludedTargets says to put an array of string into the PUT request body. Can anyone provide an exact Powershell code how to do that (put a couple of hostnames as included targets into a site)? I'm not an expert in Powershell. Thx.
Posted by Jiri Dohnal about a month ago
I'm trying to create a `site` on Nexpose via [the API.](https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createSite) I provide the following parameters as a JSON body: { "name": "foo", "scan": { "assets": { "includedTargets": { "addresses": ["1.2.3.4", "5.6.7.8"] } }, "connection": { "id" => 5 } } } I've checked and rechecked the documentation and everything appears to be in order, but the server rejects my POST requests with "400 Bad Request" and no details about what's bad about the request. There's supposed to be a `message` key on the response body, but it's not present. What am I doing wrong?
Posted by Michael Cordingley about a month ago
https://insightvm.help.rapid7.com/docs/executive-report The following article says the monthly Executive Report can be viewed through the "in-product InsightVM link." I'm not sure where that link is located. There is usually a banner that pops when the report is generated, but I have since hidden that banner. I know the report is not archived, but I would like to view the current report before the next ones is generated.
Posted by Daniel Ley about a month ago
Nexpose (On-Premisis) Scan is breaking our SSSD instance on RHEL. This occurs when we run a FULL AUDIT scan using an authenticated domain account. The account is configured to also elevate its privilege during the scan. Our SSSD service is running on the RHEL server, but we notice that when the Nexpose scan is executed, after the scan determines the Linux OS to be RHEL and the version, we notice SSS_PAM_AUTHENTICATE command will eventually fail, and essentially our SSSD service gets in a state that it cannot authenticate any domain user account, even when we try to TELNET to the host. It is not until we restart the SSSD service on the host, that domain user accounts can authenticate in. Has anyone at Rapid7 seen this in the past? I also noticed that a Nexpose scan does numerious login activities (wich triggers authentications using the SSSD service) during a scan. I would assume that that is normal since it may be running vulnerability tests for different scenarios.
Posted by John Domingo about a month ago
Hello, I have many assets assigned to a site "Global." It appears that this Site is virtual, as in, I can't scope an Asset Group filter to it (for instance). The asset has an IP address within a range assigned to a Site. Why would this be and how do I get this asset to properly associate with the site? Thanks, Matt
Posted by Matt Brown about a month ago
How do I build out asset query to include vulnerability info, Column needed for Exploits (Count), Malware (Count), Vulnerabilities (Count), Exploits (count), Severity, Instances, Last Scan Date. SELECT dss.site_id AS "Site ID", da.host_name, da.ip_address, dos.description AS "Operating System", fa.scan_started AS "Last Scan Date", ds.name AS "Software Name", ds.version AS "Software Version" FROM dim_asset da JOIN dim_operating_system dos ON dos.operating_system_id = da.operating_system_id JOIN fact_asset fa ON fa.asset_id = da.asset_id JOIN dim_asset_software das ON das.asset_id = da.asset_id JOIN dim_software ds ON ds.software_id = das.software_id JOIN dim_scan ds2 ON ds2.scan_id = fa.last_scan_id JOIN dim_site_scan dss ON dss.scan_id = ds2.scan_id
Posted by Brenton about a month ago
Is there away to retrieve results (including found vulnerabilities) of a specific scan from one API call? from InsightVm documentation GET scan API call returns only scan info with statistic of found vulnerability. without information of found vulnerabilities. from what I understood I have to do another call GET vulnerability API call to retrieve found vulnerability by passing the identifier of the vulnerability which is not return by scan results API call. From my experience with Nessus, was possible to retrieve scan results with found vulnerabilities of a specific scan or for all scans from one API call.
Posted by Ibrahim about a month ago
I am looking for some advice on monitoring for SQL events using InsightIDR. I already set up the SQL server to allow IDR to get the events and I see them in the raw logs on IDR but I am not sure what the proper format is for queries. It seems like everything I run returns no results but I can see the data in the Log Search screen when I do not put anything in the query text box. Any help would be appreciated. Thanks!
Posted by Ron Gallimore about a month ago
Dear Experts Hi, We are evaluating penetration testing tool and have a few questions related to Metasploit by Rapid7 and would really appreciate if you kindly provide your kind comments/feedback. • Does Metasploit supports penetration testing of surveillance cameras/IP Cameras? • Does Metasploit supports penetration testing of wireless network? We have done a bit of our homework as well and would like your feedback/review/comments on the said. Surveillance Cameras/CCTV/IP Cameras Below URLs confirms that Metasploit framework support the said. • https://www.exploit-db.com/exploits/45231 • https://www.rapid7.com/db/modules/auxiliary/scanner/http/bavision_cam_login • https://blog.rapid7.com/2012/05/15/attacking-cctv-video-surveillance-systems-with-metasploit/ • https://www.youtube.com/watch?v=gk8hOrh3MrQ • https://ro.ecu.edu.au/cgi/viewcontent.cgi?referer=https://www.google.com/&httpsredir=1&article=1202&context=ism Network Penetration Testing, including Wireless networks Below URLs confirms that Metasploit framework support the said. • https://blog.rapid7.com/2009/12/14/meterpreter-pivoting-web-scanning-wireless-and-more/ • https://www.manitonetworks.com/security/2016/8/11/finding-wireless-keys-with-metasploit • https://digi.ninja/metasploit/dns_dhcp.php - MITM using Metasploit • http://www.packetstan.com/2011/03/nbns-spoofing-on-your-way-to-world.html • https://www.irongeek.com/i.php?page=videos/deploying-metasploits-meterpreter-with-mitm-and-an-ettercap-filter - MITM using Metasploit • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wifi&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wep&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=wpa&t=a • https://www.rapid7.com/db/search?utf8=%E2%9C%93&q=ssid&t=a Would really appreciate your kind guidance and support. Regards Qasim +923172929700
Posted by Muhammad Qasim about a month ago