I am trying to find the site names for different ranges of IP addresses. Is it possible to achieve this via the nexpose API? I checked the asset search criteria in the api documentation but the responses had no mention of the site names.
Posted by Shubham Bhardwaj 4 months ago
I'm wondering what the best way to use automated actions in Nexpose when also utilizing a DHCP discovery connection. For instance, I have one action that allows me to scan in site when new assets are discovered containing a certain string in the hostname. This is great in that it gets new assets scanned quickly. But how do I follow up with subsequent scans when the IP addresses change (leases change). If I use the automated action option 'known asset available' and 'last scan date' 'earlier than X days'... how does Nexpose actually define "asset". As an example, I had a computer with IP (changed for here) 10.11.12.13 scanned on July 7. And had the action set up such that if known asset with last scan date earlier than 7 days is available, to scan it in site. It didn't work. I checked and discovered that this system received a new IP address a short time later. It has not been scanned again with the new IP address. I'm having trouble applying the automated actions logic. I've looked on the help pages a bit but so far no luck. Looking for options and perhaps clarification on the above. Thanks!
Posted by Scott Lussier 5 months ago
Hi, I have Nexpose installed on a Windows Server 2012 R2. But i wonder is i can move the sites and scans performed in Windows Server 2012 to another system such as Windows Server 2016 which has another Nexpose system installed on there. I want to be able to copy it all there and see it all the same way the sites and scans show up in the Server 2012 system.
Posted by Black Xps 5 months ago
I have several servers that are reported as missing a specific update, KB3018238. I have verified the documentation from Microsoft that this update was rolled into a more recent patch of KB2992611. I attempted to install the update, KB3018238, via powershell by expanding the update and using dism to install it manually. This vulnerability still shows in the scan engine after installing the update. Anyone run into this issue before?
Posted by Evan Prohaska 8 months ago
What goes into the composition of the Vulnerability Risk Score and Vulnerability Severity Level? How are they measured? What is the difference between these 2? Is one considered "better" than the other?
Posted by Kevin Keer 9 months ago
We trying to update older Nexpose Appliance from ubantu version 8 to 10 so we can at least get it to version 12 via a usb drive. When we power up the appliance it run thru POST and all we get is cursor on the monitor and on the display system bootup message. Is their any options of rebuilding the server?
Posted by Alfredo Martinez 9 months ago
Hello, I am researching what CVSS version is being reported in my reports on Nexpose. When I manually view asset vulnerabilities in the console, I see a v2 and a v3 of the CVSS. Are my reports (the default Nexpose reports) reflecting the CVSS v2 or is it the v3? I looked into writing my own SQL query and I found (dv.cvss_score) but again I am not sure if that is v2 or v3. Any help is appreciated. My goal is to make sure my reports are reflecting v2 only and not v3. Thank you, Scott
Posted by Scott Walker 9 months ago
There is a question about the scan delay of Nexpose. I have previously sent inquiries regarding the delay in scanning speed. I know I need to modify the Discovery Performance values in the scan template settings to improve the scan speed. However, there was no difference in scan speed when the Discovery Performance values were modified. I wonder if there are any factors that could affect Nexpose's scan performance apart from Discovery Performance values. I would also like to ask if you can solve this problem.
Posted by yryim 9 months ago
Looking for some assistance with this incident that is appearing on several of our systems. Proof: Vulnerable OS: Microsoft Windows Server 2008 R2, Datacenter Edition SP1 Microsoft patch KB4025337 installed According to the Microsoft Security Guidance, updated patches were released in September. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529 This particular system has both the September IE11 Cumulative Update installed, as well as the Security only update rollup. The vulnerability proof is calling out that a particular patch is installed. While there were issues with that patch, several patches superseded it. I'm not sure where to start at trying to resolve this.
Posted by Mark Payne 9 months ago
[Originally posted by **Narendra Jayram**] I came up with three approaches. But, stuck :( First Approach: Hitting the link Problem: I am not seeing the complete software details. It seems to be not accurate as I am not seeing any web apps and other native apps . Second approach: Pulling all the asset details; then get the software details Problem: I am finding it bit challenging to hunt for software this way Third approach: Through SQL query ``` SELECT da.ip_address as IP_Address, da.host_name as Hostname, ds.name as Software, ds.version as Version FROM fact_asset_scan_software JOIN dim_asset da USING (asset_id) JOIN dim_software ds USING (software_id) ``` Problem: Vulnerability filters are being applied by default. In simple words, I am trying to find all the software details classified based on the host/ IP. PS: I am not looking for vulnerability report. I am using nexpose like an asset inventory
Posted by Edward Sheehy 9 months ago
In setting our scheduled scans, I'm having some frustrations with the limitations of the schedule. What I would like is the option to be able to specify what week AND day scans run. For example, we have our scans run during the first full week of every month, with a different site scanning every day of that week. So for site A, I set the schedule to be the first Monday of the month. For site B, it would be the first Tuesday of the month. The issue is that if the first Tuesday is the 1st of the month, and the first Monday scan will take place the following week. Is this the best forum for a feature request like this?
Posted by Zach Garrow 9 months ago
I'm having some trouble scheduling a report to be generated from the latest scan. Within the Scope section of the report configuration page there are two options 1. Select Scan -> which forces you to select a specific scan to run the report on, scheduling it using that scan will cause the report to generate from that specific scan every time the report runs, there is no option to run the report against the latest scan. 2. Select Site -> Which allows you to select a site to run the report on, but will include the results of all scans to date, Using the "Use only the assets found in the last scan" still applies previously found vulnerabilities to currently clean devices, according to the latest scan (assuming the asset in question was found in the last scan) Is there a way to schedule a report to always generate from the latest scan of the site?
Posted by Eldon Taylor 9 months ago
NEXPOSE - API Revive DHCP Service Dynamic Connection I find that my DHCP Service connection within Nexpose does not tend to re-establish properly after application upgrades or any sort of service disruption. I ultimately end up re-saving the existing connection configurations for a discovery connection to be established. I'm looking at writing a monitor to watch discovery connections and re-create them if they are unavailable for more than a specified time limit. Has anyone already written something similar or better until the service is more reliable?
Posted by BrianWGray about a year ago
Is it possible to run nexpose scan against your environment. We have a windows server box that host multiple Linux servers, of which one of them houses the nexpose scan engine. If it possible, how do we do it? What do need to avoid? In the online documentation https://metasploit.help.rapid7.com/v1.1/docs/discovery-scan - where would I reference it?
Posted by Gene about a year ago