2 min
Nexpose
Site Consolidation with the Nexpose Gem
The introduction of the scan export/import feature opens up the ability to merge
sites, at least through the Ruby gem.
Imagine a scenario where you had split up your assets into several sites, but
now you realize it would be easier to manage them if you just merge them into
one. Maybe you have duplicate assets across sites and that wasn't your intent.
The script below allows you to merge multiple sites into one. I replays the
scans from each site into the new one (in just a fraction of the amou
2 min
API
Scan Export/Import Using the nexpose-client Gem
The latest release (5.10.13) introduces a new feature into Nexpose, scan
exporting and importing. We're looking to address a need in air-gap
environments, where customers can have multiple consoles to address network
partitioning. This approach is not without its warts. For example, if you have
deleted assets from a site, this process will bring them back to life.
This post is going to walk through a pair of Ruby scripts using the
nexpose-client gem. The first script will export the site config
2 min
Nexpose
Calculating Your Average Scan Time
If you are looking to balance out your scan schedule or add new scans to the
mix, it can be helpful to get some direct insight into how much time a new scan
is going to take. One way to estimate that is based upon how long your current
scans are already taking.
To that end, I threw together a script that looks at current scan history and
calculates average scan time per asset. To keep some balance, I only look at
Full audit scans and their live assets. I then calculate the average number of
min
1 min
Nexpose
Making the Nexpose Gem Easier to Use
In an effort to make API access to Nexpose easier, some efforts are underway to
make the Nexpose Gem [http://rubygems.org/gems/nexpose] easier to use. For those
unfamiliar with the gem, it is a Ruby library that allows for easier scripting
against a Nexpose security console.
Changes to Site
Making changes to a site configuration through the gem used to be a little
complex. The attributes on the configuration were locked down from editing, and
sometimes buried deep in structures that mirrored th