Does anyone know how to remove assets so that they don't keep showing up in our Top Riskiest assets? We've deleted them, but they keep showing up on our dashboard. Thank you in advance.
Posted by Sheryl about 7 hours ago
How can CVE-2019-0232 be detected by InsightVM on a Linux server? I could be missing something, but I have a Linux systems that has an identified vulnerability, Apache Tomcat: Important: Remote Code Execution on Windows (CVE-2019-0232).
Posted by Kyle Dellinger about 12 hours ago
I have an error messages when installing InsightVM on Ubuntu 16.04 LTS. When running ./Rapid7Setup-Linux64.bin -c, it comes with this error messages: Unpacking JRE ... Starting Installer ... //Rapid7Setup-Linux64.bin.1477.dir/jre/bin/java: 13: //Rapid7Setup-Linux64.bin.1477.dir/jre/bin/java: Syntax error: "(" unexpected (expecting ")") Is there anyone have same problem?... Please share how to solve it... Thank you very much.
Posted by Dewi Fitri a day ago
If an EC2 instance gets terminated, what's the best way to automatically have it cleaned up from the InsightVM console? Currently, I have sync turned on, but it doesn't seem to remove old assets that are not in AWS. I am using the new Amazon Web Services Asset Sync discovery connection. In addition, are there any plans to add Instance State to the InsightVM console, so I can filter or report on assets that are currently running?
Posted by Ilya 8 days ago
I am trying to get Site information for a known Asset using the API but am not finding a direct path to do so. The [getAsset](https://help.rapid7.com/insightvm/en-us/api/index.html#operation/getAsset) endpoint response does not include Sites associated with the Asset from what I can see. [Asset Search](https://help.rapid7.com/insightvm/en-us/api/index.html#operation/findAssets) does allow for a filter in the request body to include site-id, but that involves knowing the Site going in to the search. The response from this endpoint does not include the site-id even though you can use it to search. I really want to avoid getting all Sites and then iterating over those to get all Site Assets and working backwards from there. A few ideas came up as potential workarounds. One would be to use Tags on Assets where certain Tags are reserved for specific Sites. That is a less than ideal workaround since users could add Tags to their Assets on their own so could mistakenly add a Tag reserved for a Site they don't belong to. This article, https://kb.help.rapid7.com/discuss/59b9a1439045c30026ca390b, has a way to link Assets to Sites via SQL so it appears it can be done. Although not a good idea by any means and I don't even know if it would work, I thought about running this as a report and then grabbing the report results via the API to provide this relationship. Sites also show up in the UI when looking at an Asset, so obviously the relationship exists but I can't seem to get to it cleanly using the API.
Posted by Eric Urban 9 days ago
It is currently not possible to combine multiple criterias that must match via "all" and matching any of those with another "any" query, so to say a subquery. It would be really helpful to mix "any" and "all" filter for dynamic asset groups. Is this planned or is there a workaround?
Posted by David Prüller 14 days ago
Hi, I wanted to know for example how many assets have actively targeted vulnerabilities or what remediation efficiency they have, but those data is restricted to the exposure analytics platform and is currently not queryable. Will this be implemented or is there a workaround?
Posted by David Prüller 14 days ago
I am attempting to scan one ip that will have images reloaded on it to often. We have gotten them to scan few times but i have had to delete the cache and historical data each time. Now it wont scan at all, if it does it will scan for 13 minutes say its found 32 vulnerabilities then finish and have 0 vulnerabilities. Logs show 32 i have a case in, just wanted to see if anyone has had this problem or know what is going on. The ip is used for distributions of workstations but instead of going to all kinds of physical machines they use one ip upload the image scan and patch the delete it, upload again so on and so on.
Posted by Vanessa villalpando 16 days ago
I would like to set up credentialed scans using InsightVM to scan our networking devices such as routers, switches, firewalls, etc. I was wondering if anyone would happen to know what show commands are ran on these devices when checking for vulnerabilities.
Posted by Amanda Marczak 16 days ago
Hello, I am trying to run a scan and it is not picking up the IP addresses I have specified or reporting on any vulnerabilities. The scan completes successfully without any asset or vulnerability showing. I tried pinging the IP addresses from nexpose and they are reachable. Kindly assist, as this is urgent.
Posted by Veronica 17 days ago
A routine backup maintenance initiated a restart, but did not complete the restart which produced a hung state. The last few log logs and then the error line: [INFO] [Thread: CPU Memory monitor] The CPU and memory monitor thread was interrupted : sleep interrupted. [INFO] [Thread: Security Console Restart] Shutting down. [INFO] [Thread: Security Console Restart] Shutting down scan manager. [INFO] [Thread: Security Console Restart] Shutting down local scan engine. [ERROR] [Thread: Security Console Restart] Engine update thread pool still running. After that are Java exceptions on a 10 minute interval: Caused by: java.lang.ClassNotFoundException: Illegal access: this web application instance has been stopped already. Could not load [com.rapid7.nex.domain.user.RequestUserProvider]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access. Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.rapid7.nex.system.user.IRequestUserProvider com.rapid7.nexpose.nsc.web.config.DatabaseConfig.m_requestUserProvider; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [com.rapid7.nex.domain.user.RequestUserProvider] for bean with name 'requestUserProvider' defined in URL [jar:file:/opt/rapid7/nexpose/shared/lib/managed/domain-13.0.1.jar!/com/rapid7/nex/domain/user/RequestUserProvider.class]; nested exception is java.lang.ClassNotFoundException: Illegal access: this web application instance has been stopped already. Could not load [com.rapid7.nex.domain.user.RequestUserProvider]. The following stack trace is thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access. Any insight into how/why this occurred and how to prevent?
Posted by William Shoemaker 18 days ago
Is it possible to view within Rapid7 if recommended patches have been superceeded by a different patch, and for whatever reason Nexpose has not yet been updated with this information? For example a couple of our servers this week came up with hits, and the recommended patch has been superceeded by a newer oner. Our DBs verified this via Oracle.
Posted by Russ Davis 20 days ago