Support Center
Frequently Asked Questions
General
- What is NeXpose?
- What is vulnerability management?
- What is vulnerability assessment?
- How long has Rapid7 and NeXpose been serving the vulnerability management market?
- Is NeXpose a software solution or an appliance?
- My company already uses firewalls and IDS (intrusion detection systems).Why do I need vulnerability management?
- Is NeXpose host-based or agent-based?
- What process is used to keep vulnerability signatures up-to-date?
- How often are signatures updated?
- Is your product CVE compatible?
- In what way will your product assist with compliance to ISO 17799, HIPAA, SOX, and GLBA? Explain.
- Can NeXpose be used to ensure compliance with the PCI Standard?
- Describe how your system can be deployed or used to allow consultants to run scans of customer’s internal networks.
- Describe how your solution can be integrated with another system to allow the other system to automatically cause a scan to run.
- Describe how your solution accounts for devices that use DHCP addresses?
Pre-Deployment
- What are the minimum system requirements for running NeXpose?
- What operating systems does NeXpose run on?
- Does NeXpose run on VMWare?
- I want to evaluate or have already purchased NeXpose. How do I request a copy of the software?
- When I click on my download link, I receive the error: "Invalid Download Request". Why?
- How do I install on Windows?
- How long does a scan take?
- How does NeXpose ensure efficient bandwidth utilization?
Installation
- What ports must be open in my firewalls for NeXpose to function?
- How do I get NeXpose to start automatically on Windows?
- All I see is a DOS prompt. How do I log in?
- How can I check to see if my NeXpose license is valid?
- How do I obtain a new license?
- How do I confirm a new license?
- Can I use NeXpose if I have an IDS/IPS?
- Can I use NeXpose if I have a firewall?
- How do I change the default session timeout of the Web User Interface?
- How do I initiate a manual update? How do I know if NeXpose is updating?
Scanning
- What types of devices does NeXpose analyze during a scan?
- Will NeXpose scan external devices?
- How many different types of vulnerabilities does NeXpose detect?
- How can NeXpose detect Denial of Service (DoS) vulnerabilities without bringing the network host down?
- How does NeXpose handle false positives and false negatives?
- What types of pre-defined scan templates are included with NeXpose?
- Does NeXpose require credentials to scan a target network?
- Where can I add credentials to a scan?
- How do I log in with credentials?
- Can NeXpose scan across XP's personal firewall?
- How do I set up an "asset discovery" scan?
- Where are / How do I edit my default policy files?
Reporting
- How do I add my logo to reports?
- How do I use the database export feature?
- What types of vulnerability reports are available?
- Describe what type of trending and differential reporting is available.
- Describe what level of workflow or ticketing functionality is included.
- Can a rating be assigned to a device in order to indicate how critical that device is to the business?
- Can users receive email alerts of security audit results?
- What report file formats can NeXpose generate?
- How is severity rated?
- How does critical / severe / moderate map to CVSS?
- What do the different severity levels in the vulnerability assessment results mean?
Troubleshooting
- Where can I get the NeXpose Administration Guide?
- How do I reset the default user/password created during the install?
- How do I send NeXpose logs to Rapid7 support?
- What if email is not enabled on the NeXpose server and I can't send Rapid7 support scan logs?
- How do I view the command console while using Linux?
- How do I view the command console while using Terminal Services?
Rapid7’s support during our product trial was excellent, and since our purchase it has consistently been great. If we need help or have a question, we always get a live person."
Joe Ferris
Network Security Engineer
IT Security Team, Florida State University
