Is it possible to reference the log file name or log set name in a LEQL search? For example, I'd like to check if a regular expression named variable value occurs in a particular log file (in combination with other tests) or group by the log file name to see the breakdown of events by log file. Same question with the timestamp. Can I test or group by the timestamp? What I'd really like to do is like a timeslice, but sum the hour of the day across a week. I thought these might be predefined values that could be tested, but I can't find this in the documentation. Thanks in advance!
Posted by Brandt Braunschweig 2 months ago
I have a deployment in Azure and we install the Insight Agent using the VM Extension in Azure following this guide: https://insightagent.help.rapid7.com/docs/integrations We've had this up for about 3 months and about 10% of my hosts have old versions installed. The rest are all updated. I initially assumed because the VM extension is installed, the version will be maintained. Should these agents be updating automatically? Is there a way to manually update? Is there an agent log I can review to see why an update may have failed?
Posted by Brewbs 2 months ago
How can I set the packet size in the synflood attack on Metasploit v5.0.13? Metasploit was pre-installed on Kali Linux. I use the auxiliary dos/tcp/synflood and I set only the RPORT and RHOST. In Wireshark I notice that only the window size changes during the attack but the length is 0. In the Windows Task Manager I notice that only CPU usage increases, not memory.
Posted by Christos Nikas 2 months ago
Our goal is to have business managers request a new Rapid7 scan via ServiceNow; once the data is collected (e.g., application name, policy, etc.) it would be sent to Rapid7 via the command line for execution. It would be nice to have the Rapid7 scan results sent back to the requestor via e-mail.
Posted by Praveen 2 months ago
Another question was asked for this, but the linked document is no longer available. I have some internet-facing cloud assets I would like to scan, but they are currently locked down to only accept traffic from pre-approved systems.
Posted by Christopher Ward 2 months ago
Hi Rapid7 community, I am inquiring about a way to dockerize an InsightVM agent and scan the underlying host, assuming there are sufficient privileges to do so. The agent in the Docker container can then send that info back to InsightVM. Thank you
Posted by Nick Kwiecien 2 months ago
Are we able to get the following information from our Rapid7 product?
1. Number of new vulnerabilities over a user-defined period
2. Number of vulnerability remediations over a user-defined period
Example:
New vulnerabilities from 01/01/2019 to 02/15/2019
Number of vulnerabilities remediated from 01/01/2019 to 02/15/2019
Posted by David Miller 2 months ago
Is there a way in Rapid7 vulnerability scans to create a field with a unique identifier number when the vulnerability is first found (New) so that it can be mapped back with future scans using that same unique identifier? Example:
Day 1 Scan 1/1/2019:
(Unique ID 00001) New - 10.10.10.1 High Certificate Expired 1/1/2019
Day 2 Scan 1/2/2019:
(Unique ID 00002) New - 10.10.10.2 Med dns-bind-cve-2019-6465 1/2/2019
(Unique ID 00001) Open - 10.10.10.1 High Certificate Expired 1/1/2019
Posted by Frank Perkins 2 months ago
Before the switch to Rapid7 I was able to search multiple log sets at a time. I can't seem to be able to do this anymore and I have to go through each log set individually. Can you show me where I can access this functionality?
Posted by Alexander Mellor 2 months ago
I have a query that I need to exclude specific categories and vulnerabilities from, all the while including some categories. There are some vulnerabilities that come up that are included in several of the categories. Well, I only need it to come up for one category, not all. For example, Microsoft Patch and Microsoft both have the CVE ID 123 vulnerability. I want to exclude Microsoft but at the same time include Microsoft Patch. Any suggestions? Does anyone use reports as SQL?
Posted by Vanessa villalpando 2 months ago
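One way to express that include/exclude rule in a SQL Query Export, as an added example that is not part of the post above and not Rapid7's own code. It assumes the Reporting Data Model tables and columns named in the comments (fact_asset_vulnerability_finding, dim_vulnerability, dim_vulnerability_category, dim_asset); check them against the data-model reference in your console, and replace the category and vulnerability strings with the exact ones it shows.

```sql
-- Added example, not from the post above or from Rapid7. Assumed schema
-- (Rapid7 Reporting Data Model; verify the names in your console):
--   fact_asset_vulnerability_finding(asset_id, vulnerability_id)
--   dim_vulnerability(vulnerability_id, nexpose_id, title, severity)
--   dim_vulnerability_category(vulnerability_id, category_name)
--   dim_asset(asset_id, ip_address, host_name)
-- Category names and the excluded nexpose_id are placeholders.

-- Naive version, shown for contrast only: excluding every finding tagged
-- 'Microsoft' also removes findings that are tagged 'Microsoft Patch' as
-- well, which is the symptom described above.
--   ... WHERE NOT EXISTS (SELECT 1 FROM dim_vulnerability_category c
--                         WHERE c.vulnerability_id = dv.vulnerability_id
--                           AND c.category_name = 'Microsoft')

-- Intended version: a finding is kept when it carries any included
-- category; the exclusion only applies to findings that carry none of them.
SELECT
  da.ip_address,
  da.host_name,
  dv.nexpose_id,
  dv.title,
  dv.severity,
  CASE
    WHEN EXISTS (SELECT 1
                 FROM dim_vulnerability_category c
                 WHERE c.vulnerability_id = dv.vulnerability_id
                   AND c.category_name IN ('Microsoft Patch'))
      THEN 'Microsoft Patch'              -- reported once, under this category
    ELSE 'other'
  END AS reported_category
FROM fact_asset_vulnerability_finding favf
JOIN dim_asset         da ON da.asset_id         = favf.asset_id
JOIN dim_vulnerability dv ON dv.vulnerability_id = favf.vulnerability_id
WHERE (
        -- include list: any of these categories keeps the finding
        EXISTS (SELECT 1
                FROM dim_vulnerability_category c
                WHERE c.vulnerability_id = dv.vulnerability_id
                  AND c.category_name IN ('Microsoft Patch'))
        -- exclude list: only bites when no included category matched
        OR NOT EXISTS (SELECT 1
                       FROM dim_vulnerability_category c
                       WHERE c.vulnerability_id = dv.vulnerability_id
                         AND c.category_name IN ('Microsoft'))
      )
  -- specific vulnerabilities to drop regardless of category (placeholder id)
  AND dv.nexpose_id NOT IN ('example-vulnerability-id')
ORDER BY da.ip_address, dv.severity DESC;
```

The EXISTS / NOT EXISTS form is used instead of IN / NOT IN so that a NULL in the subquery can never silently empty the result, and the same subqueries can be lifted into CTEs if the include and exclude lists get long.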
Hi, I created a scan template successfully using the POST method. But when I use the PUT method to update this scan template, the server returns a response with status 400, and the error message is "Can't modify global scan templates through the API." Why does this happen and how can I resolve it?
Posted by Jim 2 months ago
On the Top (Number) Remediations by Risk report it will list the remediation, the number of affected assets, risk, etc. Is there a way to pull the list of assets associated with the remediation listed? You can search for assets associated with a specific vulnerability, but the issue is that some applications can have multiple vulns that affect different versions. You can look up a specific vuln and it may not include all the assets. I'm curious how to get the list of assets this report is saying needs the recommended remediation.
Posted by Russ Davis 2 months ago
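A SQL Query Export that lists the assets behind one remediation line, as an added example that is not from the post above and not Rapid7's own report query. It assumes the Reporting Data Model tables and columns in the comments (dim_asset_vulnerability_best_solution, dim_solution, fact_asset_vulnerability_finding, dim_vulnerability, dim_asset); verify them in your console's data-model reference. The solution summary text is a placeholder to be copied from the report row.

```sql
-- Added example, not from the post above or from Rapid7. Assumed schema
-- (Rapid7 Reporting Data Model; verify the names in your console):
--   dim_asset_vulnerability_best_solution(asset_id, vulnerability_id, solution_id)
--   dim_solution(solution_id, nexpose_id, summary, fix, solution_type)
--   fact_asset_vulnerability_finding(asset_id, vulnerability_id)
--   dim_vulnerability(vulnerability_id, nexpose_id, title, riskscore)
--   dim_asset(asset_id, ip_address, host_name)

-- The remediation report groups by the best solution per (asset, vulnerability),
-- not by vulnerability, so a single solution can cover several vulnerabilities
-- (for example one upgrade that fixes findings against different versions).
-- Resolving assets through the solution instead of through one vulnerability
-- is what makes the asset list match the report's count.
WITH target AS (
  SELECT solution_id
  FROM dim_solution
  WHERE summary = 'Upgrade to the latest version of Example Application'  -- placeholder
)
SELECT
  da.ip_address,
  da.host_name,
  COUNT(DISTINCT bs.vulnerability_id) AS vulns_fixed_by_this_remediation,
  SUM(dv.riskscore)                   AS risk_removed
FROM dim_asset_vulnerability_best_solution bs
JOIN target t ON t.solution_id = bs.solution_id
-- restrict to findings that are still open; best-solution rows for
-- findings that have since been fixed would otherwise inflate the list
JOIN fact_asset_vulnerability_finding f
       ON f.asset_id         = bs.asset_id
      AND f.vulnerability_id = bs.vulnerability_id
JOIN dim_asset         da ON da.asset_id         = bs.asset_id
JOIN dim_vulnerability dv ON dv.vulnerability_id = bs.vulnerability_id
GROUP BY da.ip_address, da.host_name
ORDER BY risk_removed DESC, da.ip_address;
```

If the same summary text appears on more than one solution row, match on the solution's nexpose_id instead of its summary; and if the report line is a rolled-up solution that supersedes several narrower ones, the target CTE has to include the superseded solution ids too, otherwise assets whose best solution is one of the narrower fixes are missed.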
I am attempting to run a SQL report starting from the fact_asset_scan_vulnerability_instance table but I am finding that the query response times are poor. A simple COUNT(*) FROM fact_asset_scan_vulnerability_instance takes 5+ hours to count 1.5 million entries which doesn't lead to expanding the query if I can only run one attempt per business day. Is it just my environment? Does anyone query this table via SQL? If so, what sort of response times do you get (and for how many entries)?
Posted by Paul Connolly 2 months ago
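The three SQL-report questions above (new and remediated counts over a period, a stable identifier for a finding across scans, and the slow COUNT(*) over fact_asset_scan_vulnerability_instance) can be handled with the one-row-per-finding fact tables rather than the per-scan instance table. The queries below are an added example, not from any of the posts and not Rapid7's own code; they assume the Reporting Data Model tables and columns listed in the comments (fact_asset_vulnerability_age, fact_asset_vulnerability_finding, fact_asset_scan_vulnerability_instance), which should be checked against the data-model reference in your console. The dates are placeholders taken from the example in the question.

```sql
-- Added example, not from the posts above or from Rapid7. Assumed schema
-- (Rapid7 Reporting Data Model; verify the names in your console):
--   fact_asset_vulnerability_age(asset_id, vulnerability_id,
--       first_discovered, most_recently_discovered, age_in_days)
--   fact_asset_vulnerability_finding(asset_id, vulnerability_id)
--   fact_asset_scan_vulnerability_instance(scan_id, asset_id, vulnerability_id, date, ...)

-- (a) A stable per-finding key. There is no separate counter in the data
--     model, but (asset_id, vulnerability_id, first_discovered) identifies
--     one finding across scans: the pair is the finding and first_discovered
--     does not change once set, so it plays the role of the "Unique ID".
SELECT
  fa.asset_id,
  fa.vulnerability_id,
  fa.first_discovered,
  fa.most_recently_discovered,
  fa.age_in_days
FROM fact_asset_vulnerability_age fa
ORDER BY fa.first_discovered, fa.asset_id, fa.vulnerability_id;

-- (b) New findings in a user-defined window. This table holds one row per
--     (asset, vulnerability), not one per scan, so it is small.
SELECT COUNT(*) AS new_findings
FROM fact_asset_vulnerability_age
WHERE first_discovered >= DATE '2019-01-01'
  AND first_discovered <  DATE '2019-02-16';    -- exclusive upper bound

-- (c) Remediated in the window: findings present in the scan cycle just
--     before the window that are no longer open now and have not been seen
--     in any scan after the window. The per-scan table is only read through
--     bounded date ranges; an unbounded COUNT(*) over it is a full scan.
WITH seen_before AS (
  SELECT DISTINCT asset_id, vulnerability_id
  FROM fact_asset_scan_vulnerability_instance
  WHERE date >= DATE '2018-12-01'   -- lookback: cover exactly one scan cycle,
    AND date <  DATE '2019-01-01'   -- or findings fixed before the window count too
),
seen_after AS (
  SELECT DISTINCT asset_id, vulnerability_id
  FROM fact_asset_scan_vulnerability_instance
  WHERE date >= DATE '2019-02-16'
)
SELECT COUNT(*) AS remediated_findings
FROM seen_before sb
WHERE NOT EXISTS (SELECT 1
                  FROM fact_asset_vulnerability_finding f
                  WHERE f.asset_id         = sb.asset_id
                    AND f.vulnerability_id = sb.vulnerability_id)
  AND NOT EXISTS (SELECT 1
                  FROM seen_after sa
                  WHERE sa.asset_id         = sb.asset_id
                    AND sa.vulnerability_id = sb.vulnerability_id);
```

Two caveats on (c): a finding also disappears from the current set when its asset is deleted, so deleted assets show up as "remediated", and an asset that was never rescanned after the window keeps its findings open and is never counted. On the timing question, a bare COUNT(*) over 1.5 million rows is a single sequential pass that a healthy database finishes in seconds, so five hours points at the console's reporting database being resource-starved or contending with scans and other reports, not at the query; bounding the date range as above still helps, because it lets the planner use a date index if one exists.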