I have QRadar ver. 7.2.8 patch 4 and want to integrate Nexpose scanning with it. I know it is supported but I couldn't find any documents when I searched here that describe how to do it. Can someone please point me at the SIEM integration documentation (if there is such a thing :) ) or something specific to QRadar? I couldn't find anything on the tech support side or the blog side. Any help would be appreciated.
Posted by Daniel Sichel about a year ago
We are running 6.4.60. Is it possible to create a static single asset group and then add dynamic asset groups into the single static asset group? For example, I have many dynamic asset groups and I have many scan schedules. In each of the scan schedules I need to exclude several of the dynamic asset groups. I am looking for a way to only add one total exclusion (the static asset group) into the schedule versus adding 15 exclusions for 70 scan schedules. I have added the exclusions at the site level but it looks like the exclusions are still being scanned in my schedules, so I am thinking that the schedules need to have the exclusions as well.
Posted by Andrew about a year ago
I've been playing with the Nexpose API via the Ruby client, have managed to log in and can get a list of all assets via nsc.assets, but what I really want is to list out all discovered assets with Name, IP, Operating System, etc. rather than what is returned by default. Is there a way to do this?
Posted by Luke Whitworth about a year ago
I want to send a monthly report to the IT team to review assets that have not been scanned in the last 90 days. I've created a Dynamic Asset Group to list these assets (from the sites I want), showing the Asset name, IP address, Site name, OS, Last scan date. I am trying to schedule a monthly report, to report the assets from this Dynamic Asset Group, but I am struggling with the SQL query. May I get your assistance please? Thanks.
Posted by Joseph Mikhail about a year ago
Can anyone help me with how to validate RHOSTS in Metasploit Pro in Windows?
[-] Task Exception: Msf::OptionValidateError The following options failed to validate: RHOSTS.
["C:/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.16.10/lib/msf/base/simple/auxiliary.rb:62:in `run_simple'", "C:/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.16.10/lib/msf/base/simple/auxiliary.rb:92:in `run_simple'", "C:/metasploit/apps/pro/engine/app/concerns/metasploit/pro/engine/rpc/tasks.rb:467:in `block in task_proc'", "C:/metasploit/apps/pro/engine/lib/pro/tasks.rb:231:in `block in start'", "C:/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.16.10/lib/rex/thread_factory.rb:22:in `block in spawn'", "C:/metasploit/apps/pro/vendor/bundle/ruby/2.3.0/gems/metasploit-framework-4.16.10/lib/msf/core/thread_manager.rb:100:in `block in spawn'"]
Posted by Rohit Sharma about a year ago
I'd like to have a Ruby script (or feature added) to enable me to delete a large number of assets from a site (not from everywhere). The GUI console requires a lot of selecting and un-selecting to remove just the desired assets. (A filter here would be nice.) I've searched for a script but don't see anything that will work well or is easily modified, although I think this might come close: https://blog.rapid7.com/2014/10/16/site-consolidation/ if one is any good with Ruby. :)
Posted by Lawrence about a year ago
Doing a site scan under Web Applications shows 3 lines, but when I go to Web App Audit I can never run it; it keeps saying no URL selected, and under virtual host there is nothing, even when I selected the 3 URLs on Web Applications.
Posted by sigfredo gomez about a year ago
I have a scan engine that I have moved all of the sites off of that I cannot delete. The console is telling me that there is a schedule on at least one site for this engine but I cannot find it. Also, the engine trying to be deleted is still a member of two sites even though I have changed the default engine for the site to another engine. How do I get rid of the old scan engine or find the schedules?
Posted by John Griffin about a year ago
Hi there, I've set up to reports to automatically be emailed to an email address. Our email provider is Google (Gsuite) but when specifying our email address, it is not received at all. (I have also checked that my email is actively receiving all other emails.) I have tried a different provider such as Microsoft and that seems to receive it fine. I believe the problem is with Gmail itself; it doesn't seem to receive its own relayed email. Has anyone had this problem before? I'd appreciate it if someone could help me out. Thank you
Posted by Biz about a year ago
Hi. So according to PCI you have 30 days to fix your critical vulnerabilities. How are most people reporting to not show vulns that are critical and were detected less than the 30 days ...? This would give our tech teams the 30-day cycle they need, so technically within that 30 days they are compliant. We scan weekly and report on asset groups every two weeks currently, and the guys are struggling to keep up. I was thinking in the asset groups add a filter that says vulnerabilities assessed earlier than 30 days...? Anyone have any input? Thanks in advance.
Posted by dean mulley about a year ago