Posts by Leo Varela

4 min Metasploit

EternalBlue: Metasploit Module for MS17-010

This week's release of Metasploit [] includes a scanner and exploit module for the EternalBlue vulnerability, which made headlines a couple of weeks ago when hacking group, the Shadow Brokers, disclosed a trove of alleged NSA exploits [/2017/04/18/the-shadow-brokers-leaked-exploits-faq]. Included among them, EternalBlue, exploits MS17-010 [], a Windows SMB vulnerability. This week

1 min Vulnerability Management

Further Control of Dynamic Connections with Adaptive Security

As we have reached out to customers for feedback on Adaptive Security use cases (see: Adaptive Security Overview [/2015/10/02/adaptive-security-overview] for details on this feature), we have found that many customers would like to control the outcome of the “New Asset discovered” trigger. They want to be able to not just kick a scan since they either have some restrictions as to when to scan, or they don't scan everything that comes out of DHCP (or other dynamic source of assets), for some netw

2 min

Adaptive Security Overview

In Nexpose 6, we are introducing Adaptive Security, a smarter way to automate actions taken based on security incidents as they occur in your environment. The ultimate goal is to give back to security teams the time spent configuring tools to respond to a threat and automating the tedious and repetitive tasks taken to understand changes in the asset inventory and the threat landscape. With Adaptive Security, you can create workflows called automated actions that respond to new and existing asse

2 min AWS

The real challenge behind asset inventory

As the IT landscape evolves, and as companies diversify the assets they bring to their networks - including on premise, cloud and personal assets - one of the biggest challenges becomes maintaining an accurate picture of which assets are present on your network. Furthermore, while the accurate picture is the end goal, the real challenge becomes optimizing the means to obtain and maintain that picture current. The traditional discovery paradigm of continuous discovery sweeps of your whole network

2 min

The Operational Report

There are several kinds of reports available in ControlsInsight. One that I want to bring your attention to is the operational report, a report that provides details to be consumed by your IT department. The operational report was born to bridge the gap between identifying security controls needed in your organization and implementing them. The WHY and HOW associated to the WHAT. It is one of the most important parts of the product because it is meant to drive action. It gives you the latest in

1 min API

APIs, the fastest and easiest way to get Nexpose integrated in your environment.

The Nexpose team have created some really cool integration points for Nexpose that you can use with your events and tools. Now to make it even simpler we have created a couple of blogs that will walk you through some integration scenarios which will guide you and give you a head start on how to create your very own integration! All these examples are simple enough to follow, and complex enough to be used as part of your unique environment's integration. Let us know if you found them helpful, ho

4 min Release Notes

Configuration assessment and policy management in Nexpose 5.2

We love our policy Dashboards. They are new, hot, intuitive, robust and really useful. In our latest release of Nexpose, version 5.2, we've made two major enhancements to our configuration assessment capabilities: * A policy overview dashboard: To understand the current status of compliance of configurations delivering a summary of the policy itself.A policy rule dashboard: To provide further details for a particular rule and the current compliance status for that rule. What makes th

4 min Javascript

Java API client - How to augment it and share with the community

The prerequisite is that you get the client: clee-r7/nexpose_java_api · GitHub [] This blog post will show you how to augment the java api client and use it in 4 easy steps. The Java API client uses XML templates to generate requests. Browse to the src/org/rapid7/nexpose/api folder within the API source code, you will see the templates for the currently supported API client requests. i.e:  AssetGroupSaveRequest.xml. There are currently 2 versions of