Recently, Rapid7 took a step forward to deliver insight to our customers: our vulnerability management solutions now include the ability to deliver interactive guides. Guides are step-by-step workflows, built to deliver assistance to users at the right time. Guides are concise and may be absorbed with just a few clicks. They are available anytime on-demand within the user interface, so you can quickly and easily find the information you need, as you need it, where you will be applying it.
Here's an example:
How Guides Work
Interactive guides are powered by Pendo.io. As you navigate through the user interface, relevant guides are made available based on the area of the application in use. Pendo serves Rapid7 authored content directly to the user. The user's workstation must be connected to the internet to make use of these new capabilities. We understand this limits access for some of Rapid7's customers, but for most individuals, internet access has become as important as the keyboard or a monitor.
To be clear, to receive guides, the user's workstation requires internet access. The machine hosting the Security Console does not require access to the internet.
How are guides delivered in context?
In order to determine which guides are relevant to a user in the moment, very specific information is transmitted to Pendo from the user's browser:
- The URL navigated to
- CSS element the user has clicked on
- A globally unique, random identifier for the user
With this information, Rapid7 is able to deliver very specific guidance to users when they need it, for improved experiences within the product. All data collected is anonymized, and all communications between the user's workstation and Pendo.io are encrypted with SSL/TLS.
Is my Nexpose data transmitted?
No data that is collected by Rapid7 Nexpose about your organization's assets or vulnerabilities is transmitted to Pendo or Rapid7:
- No personally identifiable information, such as email addresses, names or User IDs is transmitted.
- No vulnerability data is transmitted.
- No asset data is transmitted, inclusive of software, attributes, IP addresses, and other metadata.
- No information collected by Scan Engines or Agents is transmitted.
I don't see any guides. When will they be available?
We're busy building guides right now. You can expect to see new guides in the coming weeks.
What if I cannot participate, or do not want to participate?
If your users have no access to the internet, then you won't be able to receive guides. No data will be transmitted and no guides will be delivered.
If you do not wish to receive guides, you can easily disable the capability on the Security Console:
- Login to the machine hosting the Security Console as an administrator
- Locate and edit nsc.xml. The file is located in the “deploy/nsc/conf/nsc.xml” directory. For example “/opt/rapid7/deploy/nsc/conf/nsc.xml” in some Linux distributions. Make a copy of the file in case you need to revert the configuration.
- Edit or add the following element <Analytics enabled=”false” />. This element should be a direct child of <NexposeSecurityConsole />.
This is a snippet of the nsc.xml file used to illustrate the format of the element. Your nsc.xml will differ.
Changes will take effect during the next Console restart.
Making inadvertent changes to the nsc.xml file can cause issues in your Security Console. Please contact Rapid7 Support for guidance or assistance.