Is there away to retrieve results (including found vulnerabilities) of a specific scan from one API call? from InsightVm documentation GET scan API call returns only scan info with statistic of found vulnerability. without information of found vulnerabilities. from what I understood I have to do another call GET vulnerability API call to retrieve found vulnerability by passing the identifier of the vulnerability which is not return by scan results API call. From my experience with Nessus, was possible to retrieve scan results with found vulnerabilities of a specific scan or for all scans from one API call.
Posted by Ibrahim about a month ago
When I have run nexpose (InsightVM) for the first time, there is an ERROR output and scan stopped. How to resolve this issue? 2019-04-23T08:24:45 [ERROR] Entry drupal-CVE-2018-1000888.xml not found in /opt/rapid7/nexpose/plugins/java/1/DrupalScanner/1/vulns.jar. Please update to the latest product version. 2019-04-23T08:24:45 [ERROR] drupal-CVE-2018-1000888.xml not found. Please update to the latest product version. 2019-04-23T08:24:45 [WARN] [Scan ID: 1] Success callbacks not running due to error in task
Posted by Hubton about a month ago
I have ruled out many vulnerabilities for a site but they keep showing up in the reports I generate, such as a Audit Report or Basic Vulnerability Check. For example, I have 'submitted and approved' all PHP related vulnerabilities have been ruled out and verified by the admin. They are listed in the asset's vulnerability exception list as well as the Administrator Vulnerability Exceptions page which states that the vulnerabilities have been approved by admin and the Exception Scope is for All Instances. Yet, they keep showing up in reports. I am using the Rapid7 InsightVM Free Trial. License is still active. The system is Windows 2012 R2 server, x64 based OS, and 16 GB RAM meets all the minimum requirements. have restarted the system and installed InsightVM as administrator with firewall and antivirus disabled. I have tried uninstalling it and re-installing it again. This is for one scan that has had 449 assets and the scan finished successfully with 6,903 vulnerabilities found. Any assistance would be appreciated.
Posted by Lee Zimmerman about a month ago
I have ruled out many vulnerabilities for a site but they keep showing up in the reports I generate, such as a Audit Report or Basic Vulnerability Check. For example, I have 'submitted and approved' all PHP related vulnerabilities have been ruled out and verified by the admin. They are listed in the asset's vulnerability exception list as well as the Administrator Vulnerability Exceptions page which states that the vulnerabilities have been approved by admin and the Exception Scope is for All Instances. Yet, they keep showing up in reports. I am using the Rapid7 InsightVM Free Trial. License is still active. The system is Windows 2012 R2 server, x64 based OS, and 16 GB RAM meets all the minimum requirements. have restarted the system and installed InsightVM as administrator with firewall and antivirus disabled. I have tried uninstalling it and re-installing it again. This is for one scan that has had 449 assets and the scan finished successfully with 6,903 vulnerabilities found. Any assistance would be appriciated?
Posted by Lee Zimmerman about a month ago
Hello, I'd like to produce a KRI value that shows percentage of scanned hosts versus a list of known reachable subnets. For instance, this list of reachable subnets can be pulled from Solarwinds IPAM, or SNMP polling of Cisco gear, or simply a CSV/XML/JSON. Having a discovery scan will not suffice as there may be drift of in-scope subnets within the Nexpose/InsightVM system and real reachable subnets. Thanks! Matt
Posted by Matt Brown 2 months ago
I was wondering if I could get insight into what should be in the insightvm VARFILE response document for the linux insightvm installer. I am looking into auto deploying agents and would like them to self-configure to talk to my Console server. I do not want to use the AWS AMI Pre-authorized scanner as I want console -> scanner traffic only. Example: ``` Starting Installer ... The following command line options are available: -varfile [file] Use a response file -c Run in console mode -q Run in unattended mode -dir [directory] In unattended mode, set the installation directory -overwrite In unattended mode, overwrite all files -splash [title] In unattended mode, show a progress window -Dname=value Set system properties -h Show this help ```
Posted by ekelson 2 months ago
Hi When nexpose upgraded to insightvm , Following information is transmitted to insightvm on Rapid7 cloud. By Transmitting below information to cloud will it violate any compliance or audit and do we need to take any customer consent to before transmitting to Insightvm. Asset information Asset groups Asset owners Vulnerabilities Vulnerability exceptions Tags Scan Engine information InsightVM Console information InsightVM does not transmit user or service credentials of any kind to the Insight platform. https://nexpose.help.rapid7.com/v1.0/docs/configure-communications-with-the-insight-platform Thanks in Advance. Regards/- Charan
Posted by charan teja 2 months ago
According to my PCI Host Details Report, I went from 100% PCI compliance to 55% compliance. All my assets have a PCI Compliance Status of Pass but the host report has started marking many Ciphers as failures like: Undefined CVE, TLS/SSL Server Supports The Use of Static Key Ciphers Undefined CVE, Diffie-Hellman group smaller than 2048 bits Undefined CVE, TLS/SSL Server Is Using Commonly Used Prime Numbers Just last week these were not failures and now they are, but just in the PCI Host Details report. When I look at the assets in InsightVM they all have a PCI Compliance Status of Pass. Am I missing something?
Posted by Scott Hoopes 10 months ago
I just made a copy of a RHEL 7 CIS 2.2.0 Level 1 Server Policy and scanned a server. 115 rules passed. I then disabled the AIDE section (2 rules) and ran the scan again. 108 rules passed - so additional unrelated (ntp, chrony, etc.) checks now fail... I see similar results with the equivalent CentOS policy. Anyone else seeing this? Rob.
Posted by Rob Lawley 11 months ago
Is there a way to set an exception to recursively accept vulnerabilities from previous versions than the latest exception version? Example being, if we have a legacy app that requires Java 7, would there be a way to put in exception that would remove all vulnerabilities to a specific version? I know I can create an exception for all vulnerabilities that contains "Java" but that seems ugly. Also would putting an exception in like this also put exceptions in for all new vulns that contain Java or just when the exception was put in?
Posted by Robert DeBellis 11 months ago
I have in my infrastructure several servers with multiple IP addresses and NIC interfaces, each facing a different network segment that are scanned for vulnerabilities due to the fact that different services are provided on each network. Is there a form of InsightVM correlating this information and counting these diferent IP addresses belonging to the same Host as only 1 Asset?
Posted by Paulo Ferreira 11 months ago
We need to use Rapid7 VM tool and integrate it with the CA Service Desk manager. Is it possible to do this? Also, I've read about Lieberman's RED software, is it possible to integrate Rapid7 with the help desk via this software?
Posted by Divya Ambwani about a year ago
I'm evaluating the InisghtVM tool in vulnerability assessment for our small (but certain to grow) Docker container servers. I have not been able to assess the images even though the tool does recognize the servers as container hosts. When I reached out to the group standing up the containers, they explained they are placing and building the images directly on the servers and use no registry. Is it possible for InsightVM to work with this use case?
Posted by Diana Orrick about a year ago
Hello Can you please explain details between the dashboard that we see post scan vs the masked Dashboard features in the InsightVM platform ? What are the advantage & value that will be provided to the client ? What data is sent to the cloud & does Rapid7 has region specific cloud like one for Asia, UK, Europe, US etc ?
Posted by saurabh about a year ago
Hello Rapid 7 Team, I've Been trying to create a Remediation project and display results. However, I don’t get why nothing is coming up. Not sure if something from the internal side or maybe something isn’t configured correctly? Should I contact my CSM? Been using these steps below as well as the demo for InsightVM. It’s very Straightforward, but I’ll keep trying. Creating a Remediation Project https://insightvm.help.rapid7.com/v1.0/docs/remediation-workflow 1. Create a remediation project from within the Dashboard or from the Projects tab. 2. If you are within the Dashboard, expand the card showing assets by risk and vulnerabilities to view a list of assets. If desired, you can apply an existing filter or create a new query. 3. Select the assets you want to include and add them to create a Static Remediation Project. For Dynamic Remediation Projects, use the asset and vulnerability filters to define the scope of the solutions that will populate the project. 4. Name the project and assign it to one or more Security Console users. DEMO https://information.rapid7.com/insightvm-product-demo-august-thanks.html?aliId=19803371 Any help would be great. Thank you.
Posted by Kenneth Boadu about a year ago
Hi, now I'm testing remediation project in insightVM. I would like to assign the user to each remediation solution. There is "assignee" field in each solutions but I can't find the menu to change this field. Would you please tell how should I operate?
Posted by Yoshiki Eguchi about a year ago