Posts by mglinski

2 min

AIX coverage: See what you need to see

In a huge refinement to IBM AIX vulnerability coverage, Nexpose version 5.10.8 and later scans AIX machines for a specific set of patches related to known vulnerabilities. This more focused approach provides easier management of AIX machines by allowing you to see very quickly how affected systems are vulnerable and which solutions need to be applied. As Nexpose searches only for vulnerabilities, the scans are significantly faster. This allows you to stay up to date with the published vulnerabi

2 min

Kali-lujah! Nexpose now supports Kali Linux

2017 Update: Our Kali support in Nexpose was deprecated some time ago. For information on supported operating systems and all things Nexpose, see our help site or reach out to your CSM.

Pen testers and Kali Linux lovers, get your Nexpose on! Now you can install Nexpose on the same platform you use for everything else! As of the Nexpose 5.9.13 release, Kali Linux is now an officially supported operating system. You can now install Nexpose on Kali Linux 64-b

3 min

OpenSSL gets more open: Scan for CVE-2014-0224

Just when things were starting to quiet down, OpenSSL posted a security advisory on June 5, 2014. Meet CVE-2014-0224, a vulnerability that makes a network susceptible to a man-in-the-middle (MITM) attack, allowing bad guys to decrypt and modify traffic from the attacked client and server. If reading this is giving you heartburn, read on: The Nexpose June 6 update provides coverage for CVE-2014-0224. You can create a scan template that will focus your scan on CVE-2014-0224, to the exclusion

2 min

Creating risk trends based on RealContext tags

Risk is everywhere. Look around your organization: It's in your Web applications. It's in your database servers. It's in every workstation your IT team deploys. And, unfortunately, it's in the people who use and administer these machines. The bad guys are betting on it. So, what if you could track risk over time for assets associated with people and teams in your organization? For example, wouldn't it be handy to compare risk trends on servers assigned to different IT administrators so that you

1 min Nexpose

Getting Nexpose Help to load in your Community edition

There is a known issue with the Community edition of Nexpose, version 5.7.10: The Help and Support pages fail to load. We will correct the issue in a future Nexpose release. In the meantime, you can get Help to load with this simple workaround:

1. Go to the \help directory in your Nexpose installation directory. Example: rapid7\nexpose\nsc\htroot\help
2. Rename the enterprise subdirectory of Help as community. Example: rapid7\nexpose\nsc\htroot\help\community\html
3. Refresh the Nexp

1 min

What's in your latest Nexpose coverage update?

As of November 21, 2012, Rapid7 is releasing coverage updates on a weekly basis to help you keep your environment current with your ever-evolving security needs. What is a coverage release anyway? Coverage releases include new and updated vulnerability checks, new fingerprints, and improvements to accuracy and scan performance. How do I find out what's in a given coverage release? You can always find out what's in your latest coverage update by going to the weekly coverage release notes [http

2 min

Seek and you shall find...information!

Nothing frustrates me more than searching online for something I desperately need to put out a fire, and getting tons of results...except for that one critical nugget that I'm looking for. Well, actually, one thing does frustrate me more: when I hear that Nexpose users are having that experience! (Full disclosure: I'm the Nexpose documentation manager.) So, we're doing something about it. We're revamping our search in Nexpose Help for a future release so that you can find what you need quickly

1 min

A good word to remember: Glossary

What's a site? What's an asset group? How is a static site different from a dynamic site? What is discovery? Is it the same as vAsset discovery? What's an unmanaged asset? What's a node? What's Total risk? And what about all those acronyms: CPE, CCE, SCAP, USGB…? Every Nexpose customer document and the Help site include a comprehensive glossary of terms that you will find in Nexpose. It covers names for features, workflows, user roles, and industry-standard terms and concepts that are essenti

1 min

What's new in the Nexpose 5.1 User's Guide?

I'm the manager for the Nexpose Documentation team at Rapid7. I want to tell you about what's new in our user's guide as of the Nexpose 5.1 release. The 5.1 guide, of course, covers the exciting features we've added to the 5.1 release. It's also been expanded with richer reporting information.

New dynamic asset group search filters

Find out how to search for assets and create dynamic asset groups based on new criteria:

* risk scores
* exploit and malware exposures
* CVSS risk metrics
* PC