I have a log message like this: 01 Jul 2019 04:18:51.88001 Jul 2019 04:18:51.8924 +00:00 Level=Info Logger=MyFunction Message=Time elapsed per listing (ms): 195. elapsedTimeSyncer=195 I want to graph 'elapsedTimeSyncer' over time. But looking at the queries docs (https://insightops.help.rapid7.com/docs/log-search), it appears we can only do calcs on the matches for a given search? What im trying to do is graph the elapsed time for my function over time.. which is the value here. Any ideas?
Posted by Ryan Miranda about a month ago
Hello, Is there a SQL Query or Report that provides for an asset, the list of proofs and all the vulnerabilities(for ex: Title) that each proof covers. Thanks.
Posted by praneeth pantham about a month ago
We want to display an InsightOps dashboard on a TV in our office so that we can all see at a glance some key performance indicators in the system. Obviously I have created the necessary dashboard, but find that it logs itself out at intervals and then when we log back in, then the tool has reverted to top level needing 2-3 clicks to get the dashboard up again. Not really what we want. Is there a way to keep it logged in for longer so that we don't have to keep manually bringing it back?
Posted by Simon Bramwell about a month ago
Hello, There is one JSON error when I use API. Any idea what could be the problem? # curl -k -X POST -u username -H "Accept:application/json" -H "Content-Type: application/json" https://nexposeserver:3780/api/3/sites/61/scan_schedules -d '{"assets":{ "includedTargets":"linux-server" } }' Enter host password for user 'user': { "status" : 400, "message" : "The JSON input is invalid for the 'includedTargets' property of the SubsetAssetsScanScopeResource resource, at line 1, column 31.", "links" : [ { "href" : "https://nexposeserver:3780/api/3/sites/61/scan_schedules", "rel" : "self" } ]
Posted by Gueorgui Tcherecharov about a month ago
We are trying to test compliance in a Debian Server , according to CIS Benchmark policy, but when the scan is finished the policy appears as "not applicable", and the log file indicates the following: "xccdf_org.cisecurity.benchmarks_benchmark_1.3.0_CIS_Apache_HTTP_Server_2.4_Benchmark:1.3.0 is not applicable due to platform restriction(s)." How could i fix this? Thanks in advance.
Posted by omr about a month ago
Has anyone noticed the ‘first discovered date’ for certain vulnerabilities resets to the date from the last scan? I can’t find the correlation on why only certain vulnerability dates reset and other don’t.
Posted by Daniel Ley about a month ago
I'm not an expert in SQL, so I need some help to edit the existing (in Rapid7) Vulnerability Details Query. I need to add the "First Discovered" field to the vulnerabilities report Existing Query: WITH vuln_references AS ( SELECT vulnerability_id, array_to_string(array_agg(reference), ', ') AS references FROM dim_vulnerability JOIN dim_vulnerability_reference USING (vulnerability_id) GROUP BY vulnerability_id ) SELECT ds.name AS site, da.ip_address, da.host_name, da.mac_address, dv.title AS vulnerability, dvs.description AS status, favi.date AS discovered_date, CASE WHEN favi.port = -1 THEN NULL ELSE favi.port END AS port, dp.name AS protocol, dsvc.name AS service, proofAsText(dv.description) AS vulnerability_description, proofAsText(favi.proof) AS proof, dv.severity, round(dv.riskscore::numeric, 0) AS risk, round(dv.cvss_score::numeric, 2) AS cvss_score, vr.references, dv.exploits, dv.malware_kits, dv.pci_status FROM fact_asset_vulnerability_instance favi JOIN dim_asset da USING (asset_id) JOIN dim_vulnerability dv USING (vulnerability_id) JOIN dim_site_asset dsa USING (asset_id) JOIN dim_site ds USING (site_id) JOIN dim_vulnerability_status dvs USING (status_id) JOIN dim_protocol dp USING (protocol_id) JOIN dim_service dsvc USING (service_id) JOIN vuln_references vr USING (vulnerability_id) ORDER BY ds.name, da.ip_address
Posted by Jerry Kundel about a month ago
How secure is our data when transmit to cloud for data analytics in insight VM . We are ok with the rapid 7 sites . But also there is a prequiste that an outbound connection needs to be made on AWS through port 443 . how safe it is . Region Web Data S3 United States exposure-analytics.insight.rapid7.com data.insight.rapid7.com s3.amazonaws.com Canada ca.exposure-analytics.insight.rapid7.com ca.data.insight.rapid7.com s3.ca-central-1.amazonaws.com Europe eu.exposure-analytics.insight.rapid7.com eu.data.insight.rapid7.com s3.eu-central-1.amazonaws.com Japan ap.exposure-analytics.insight.rapid7.com ap.data.insight.rapid7.com s3-ap-northeast-1.amazonaws.com Australia au.exposure-analytics.insight.rapid7.com au.data.insight.rapid7.com s3-ap-southeast-2.amazonaws.com
Posted by Vinoth 2 months ago
Hi, My customer decided to execute a disaster recovery exercise which involved nexpose. Installation is on VM running red hat. DR exercise will be done by creating a backup image of the VM and move to DR site. My concern here is will there be any issue regarding license validity for example after restoring the backup image to DR site. Also scan needed to be done after restoring the backup. Appreciate any help.
Posted by HASIF 2 months ago
Hello, I am trying to create three separate dynamic asset groups of vulnerabilities that are exploitable by a novice, intermediate, and expert. I have been trying to create the asset groups for a while and I am not having a lot of success with it. Does anyone have any tips for creating these dynamic asset groups? Your help is very much appreciated
Posted by Joseph Brennan 2 months ago
Release 6.5.68 shows: We improved the ability to control the behavior of long-running scans. You can now configure the Scan Engine to obey a per-host scan time limit. When the time to scan a single host exceeds this customizable time limit, that host will be skipped. Where is this configured?
Posted by Doug Dellinger 2 months ago
If there is a patch on a system that supersedes previous KB's, then they should not be listed in the list of vulnerabilities. IF the system has a more current KB that includes remediation for an earlier KB, then it should be excluded. Is it? Reason I ask? Nexpose says my 135 remote users have 22k vulnerabilities. My patch management software says there are about 1k. That is a major discrepancy. When I had that with a previous product, it was due to the scanner telling me I was missing all these patches, but they had all been superseded.
Posted by Kerry LeBlanc 2 months ago
This external hosted engine worked good until last week. When I refresh the scan engine (in administration), it says unauthorized console connection (CN=NeXoise Security Console, O=Rapid7) Does anyone have this issue?
Posted by Simon Tran 2 months ago
Any suggestions on a scan template to use for scanning the DMZ? In my experience using the full audit template will not work due to admin credentials being required for the scan. I'm looking to enumerate all vulnerabilities that can be hit but the problem is I do not see a built in template that can do all of that without being too invasive (the internet DMZ audit template for example). In order to get what I'm looking for is it prudent to create a custom scan template? Thanks in advance for the help.
Posted by Robert Fredericks 2 months ago
It's weird, but my question is about customer portal user settings :) I changed my user's settings to bring "my cases" (customer portal) as the homepage when I log into https://insight.rapid7.com/ Now, I can't go to "user settings page", or even, I can't log out (when I click the log out, it brings me back to my cases) :)))) I really feel awkward for asking this but I couldn't find a solution yet. How can I change my settings, i.e. change my homepage or add a product that I owned?
Posted by Muharrem Aydin 2 months ago
I installed metasploit community now when i run my msfconsole command in my terminal . The msfconsole not working. It is giving the following results . My operating system is Ubuntu 18.__ <pre><font color="#000000"><b>Traceback</b></font> (most recent call last): 34: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/bin/msfconsole:23:in `<main>' 33: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/bin/msfconsole:23:in `load' 32: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/msfconsole:49:in `<top (required)>' 31: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/lib/metasploit/framework/command/base.rb:81:in `start' 30: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/lib/metasploit/framework/command/base.rb:63:in `require_environment!' 29: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/application.rb:328:in `require_environment!' 28: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/polyglot-0.3.5/lib/polyglot.rb:65:in `require' 27: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require_with_backports' 26: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/backports-3.15.0/lib/backports/std_lib.rb:9:in `require' 25: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/metasploit-framework-4.17.61/config/environment.rb:5:in `<top (required)>' 24: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/railtie.rb:194:in `method_missing' 23: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/railtie.rb:194:in `public_send' 22: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/application.rb:352:in `initialize!' 21: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/initializable.rb:54:in `run_initializers' 20: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:205:in `tsort_each' 19: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:226:in `tsort_each' 18: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `each_strongly_connected_component' 17: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `call' 16: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:347:in `each' 15: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:349:in `block in each_strongly_connected_component' 14: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:431:in `each_strongly_connected_component_from' 13: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:350:in `block (2 levels) in each_strongly_connected_component' 12: from /opt/metasploit/ruby/lib/ruby/2.5.0/tsort.rb:228:in `block in tsort_each' 11: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/initializable.rb:55:in `block in run_initializers' 10: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/initializable.rb:30:in `run' 9: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/initializable.rb:30:in `instance_exec' 8: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/application/finisher.rb:56:in `block in <module:Finisher>' 7: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/application/finisher.rb:56:in `each' 6: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/engine.rb:346:in `eager_load!' 5: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/engine.rb:469:in `eager_load!' 4: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/engine.rb:469:in `each' 3: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/engine.rb:471:in `block in eager_load!' 2: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/engine.rb:471:in `each' 1: from /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/railties-4.2.11.1/lib/rails/engine.rb:472:in `block (2 levels) in eager_load!' /opt/metasploit/apps/pro/vendor/bundle/ruby/2.5.0/gems/wicked-0.5.0/app/controllers/wicked/wizard_controller.rb:5:in `<top (required)>': <font color="#000000"><b>uninitialized constant ApplicationController (</b></font><font color="#000000"><u style="text-decoration-style:single"><b>NameError</b></u></font><font color="#000000"><b>)</b></font></pre>
Posted by himanshu 2 months ago
hello, (I have to say that I am French, and that I translate since google translation then pardon in advance) I have a problem when I run metasploit windows (10) it seems to me that: [-] *** [-] * WARNING: No database support: No database YAML file [-] *** and when i do db_status he tells me: [*] postgresql selected, no connection my version of metasploit: Framework: 5.0.30-dev-b67b48fd50fad6d9c2834571b540f101c80a4029 Console: 5.0.30-dev-b67b48fd50fad6d9c2834571b540f101c80a4029 it seems to me that this is the last still sorry for the translation
Posted by ralph 2 months ago
I've got a chart with a query along the lines of... ``` where(hostname = "someservername" AND method = GET) calculate(count) ``` The chart renders just fine but has a weird name like: "Some Server Name GET". If the name is longer due to the query then I'll lose information in the chart legend which is counterproductive. Can I provide some label or name for a field on a chart to make it more meaningful and useful?
Posted by Mike Hall 2 months ago