When I ran Nexpose (InsightVM) for the first time, there was an ERROR output and the scan stopped. How can I resolve this issue?

```
2019-04-23T08:24:45 [ERROR] Entry drupal-CVE-2018-1000888.xml not found in /opt/rapid7/nexpose/plugins/java/1/DrupalScanner/1/vulns.jar. Please update to the latest product version.
2019-04-23T08:24:45 [ERROR] drupal-CVE-2018-1000888.xml not found. Please update to the latest product version.
2019-04-23T08:24:45 [WARN] [Scan ID: 1] Success callbacks not running due to error in task
```
Posted by Hubton about a month ago
Hi Team, I work for a private firm in India. I am facing an issue with Nexpose vuln results. Here are the details: I am getting a report saying that Office-related patches are required for a server, but when I log in and check manually, there is no Office installed on the specific workstation (only a SharePoint component is installed). And, as per the Nexpose suggestions, I am trying to install the suggested patch to resolve the vuln, but when I run the patch the system says this patch is not applicable. I am not sure how to identify or fix this vuln. Kindly suggest. Thank you.
Posted by Sharan about a month ago
Hello, I'd like to produce a KRI value that shows percentage of scanned hosts versus a list of known reachable subnets. For instance, this list of reachable subnets can be pulled from Solarwinds IPAM, or SNMP polling of Cisco gear, or simply a CSV/XML/JSON. Having a discovery scan will not suffice as there may be drift of in-scope subnets within the Nexpose/InsightVM system and real reachable subnets. Thanks! Matt
Posted by Matt Brown 2 months ago
Good day, a client presented the following case: "I would like your help to know which are the best practices or standards that Rapid7/Nexpose recommends based on the "Average asset risk score", since we are in an audit process and we see that Nexpose gives us a level of risk, but we do not know what is the optimum level, medium or minimum. For example, in a report that was made, "Average asset risk score: 96,585", what would be the optimum level of this score recommended by the Rapid7 engineers? What is the standard that is taken for this type of score or who defines what is the optimal level and what is not? In one of the previous reports, an objective of 30,000 was defined internally in terms of the "Average asset risk score", but it was an internal agreement and what we want to know is what would this objective be based on a standard, or what number we should take as a basis for this "Average asset risk score" and that in front of an audit we can check, since we could put instead of 30,000 maybe less or more, but we want to base ourselves better on a standard." We investigate that to measure the "Average asset risk score" it is known that the risk score report provides grades for each of your Nexpose groups which can be organized by Sites, Tags, or Asset Groups based on how you want to organize your environment. The grading system works on the A through F range and is based on a curved scale system of your environment. In this case, the closer you are to the letter A is good and the further you move towards the F is critical (information from: https://blog.rapid7.com/2014/08/13/improving-visibility-into-your-security-program-the-risk-scorecard-report/). We want to know if you can suggest that "standard measure" to evaluate the "Average asset risk score" or if in this case it does not exist and everything depends on the evaluations carried out by other methods. First of all, Thanks. Best regards.
Posted by Julio César Sánchez 2 months ago
Dear Team, is there any possible way to achieve Reported vs. Remediated for a particular month in Nexpose? The report should be in such a format that at the start of the month (e.g. Jan 1st 2019) it shows how many vulnerabilities have been reported for a particular site, including New vs. Remediated, and at the end of the month (e.g. Jan 31st 2019) how much has been remediated.
Posted by Vinoth 2 months ago
I am trying to find the site names for different ranges of IP addresses. Is it possible to achieve this via the Nexpose API? I checked the asset search criteria in the API documentation but the responses had no mention of the site names.
Posted by Shubham Bhardwaj 10 months ago
I'm wondering what the best way is to use automated actions in Nexpose when also utilizing a DHCP discovery connection. For instance, I have one action that allows me to scan in site when new assets are discovered containing a certain string in the hostname. This is great in that it gets new assets scanned quickly. But how do I follow up with subsequent scans when the IP addresses change (leases change)? If I use the automated action option 'known asset available' and 'last scan date' 'earlier than X days'... how does Nexpose actually define "asset"? As an example, I had a computer with IP (changed for here) 10.11.12.13 scanned on July 7, and had the action set up such that if a known asset with last scan date earlier than 7 days is available, to scan it in site. It didn't work. I checked and discovered that this system received a new IP address a short time later. It has not been scanned again with the new IP address. I'm having trouble applying the automated actions logic. I've looked on the help pages a bit but so far no luck. Looking for options and perhaps clarification on the above. Thanks!
Posted by Scott Lussier 11 months ago
Hi, I have Nexpose installed on a Windows Server 2012 R2. But I wonder if I can move the sites and scans performed on Windows Server 2012 to another system, such as Windows Server 2016, which has another Nexpose system installed on it. I want to be able to copy it all there and see it all the same way the sites and scans show up in the Server 2012 system.
Posted by Black Xps 11 months ago
I have several servers that are reported as missing a specific update, KB3018238. I have verified the documentation from Microsoft that this update was rolled into a more recent patch of KB2992611. I attempted to install the update, KB3018238, via PowerShell by expanding the update and using DISM to install it manually. This vulnerability still shows in the scan engine after installing the update. Anyone run into this issue before?
Posted by Evan Prohaska about a year ago
What goes into the composition of the Vulnerability Risk Score and Vulnerability Severity Level? How are they measured? What is the difference between these 2? Is one considered "better" than the other?
Posted by Kevin Keer about a year ago
We are trying to update an older Nexpose Appliance from Ubuntu version 8 to 10 so we can at least get it to version 12 via a USB drive. When we power up the appliance it runs through POST and all we get is a cursor on the monitor and, on the display, a system bootup message. Are there any options for rebuilding the server?
Posted by Alfredo Martinez about a year ago
Hello, I am researching what CVSS version is being reported in my reports on Nexpose. When I manually view asset vulnerabilities in the console, I see a v2 and a v3 of the CVSS. Are my reports (the default Nexpose reports) reflecting the CVSS v2 or is it the v3? I looked into writing my own SQL query and I found (dv.cvss_score) but again I am not sure if that is v2 or v3. Any help is appreciated. My goal is to make sure my reports are reflecting v2 only and not v3. Thank you, Scott
Posted by Scott Walker about a year ago
There is a question about the scan delay of Nexpose. I have previously sent inquiries regarding the delay in scanning speed. I know I need to modify the Discovery Performance values in the scan template settings to improve the scan speed. However, there was no difference in scan speed when the Discovery Performance values were modified. I wonder if there are any factors that could affect Nexpose's scan performance apart from Discovery Performance values. I would also like to ask if you can solve this problem.
Posted by yryim about a year ago
Looking for some assistance with this incident that is appearing on several of our systems.

Proof:
Vulnerable OS: Microsoft Windows Server 2008 R2, Datacenter Edition SP1
Microsoft patch KB4025337 installed

According to the Microsoft Security Guidance, updated patches were released in September. https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8529

This particular system has both the September IE11 Cumulative Update installed, as well as the Security only update rollup. The vulnerability proof is calling out that a particular patch is installed. While there were issues with that patch, several patches superseded it. I'm not sure where to start at trying to resolve this.
Posted by Mark Payne about a year ago
[Originally posted by **Narendra Jayram**]

I came up with three approaches. But, stuck :(

First approach: Hitting the link
Problem: I am not seeing the complete software details. It seems to be not accurate, as I am not seeing any web apps and other native apps.

Second approach: Pulling all the asset details, then getting the software details
Problem: I am finding it a bit challenging to hunt for software this way.

Third approach: Through SQL query

```
SELECT da.ip_address AS IP_Address,
       da.host_name  AS Hostname,
       ds.name       AS Software,
       ds.version    AS Version
FROM fact_asset_scan_software
JOIN dim_asset da USING (asset_id)
JOIN dim_software ds USING (software_id)
```

Problem: Vulnerability filters are being applied by default.

In simple words, I am trying to find all the software details classified based on the host/IP.

PS: I am not looking for a vulnerability report. I am using Nexpose like an asset inventory.
Posted by Edward Sheehy about a year ago