Posts tagged Nexpose

2 min Nexpose

Nexpose 5.6 - Top Remediation Reports - Reports that provide the biggest bang for your buck

Nexpose 5.6, in case you haven't heard, added the Top Remediation report templates. Why is this a game changer??? Because now you can view security from an actionable lens that focuses and expands to fit your needs. The report orders the remediations according to their effect on your organization, rolling up solutions across assets and allowing you to take the most impactful steps available. What does this mean for you? Well, instead of asking "what is wrong", you can now ask "what should I do".

5 min Release Notes

Simplify Vulnerability Management with Nexpose 5.6

We are pleased to announce the next major release of Nexpose, version 5.6. This release focuses on providing you the most impactful remediation steps to reduce risk to your organization and extends our current configuration assessment functionality. New Look and Feel: The most visible change in Nexpose 5.6 is the new look and feel of the user interface. The action header is now smaller to maximize screen space and usability, and the new colour scheme makes it easier to focus on important areas

2 min Nexpose

Calculating Your Average Scan Time

If you are looking to balance out your scan schedule or add new scans to the mix, it can be helpful to get some direct insight into how much time a new scan is going to take. One way to estimate that is based upon how long your current scans are already taking. To that end, I threw together a script that looks at current scan history and calculates average scan time per asset. To keep some balance, I only look at Full audit scans and their live assets. I then calculate the average number of min

1 min Nexpose

Making the Nexpose Gem Easier to Use

In an effort to make API access to Nexpose easier, some efforts are underway to make the Nexpose Gem [http://rubygems.org/gems/nexpose] easier to use. For those unfamiliar with the gem, it is a Ruby library that allows for easier scripting against a Nexpose security console. Changes to Site: Making changes to a site configuration through the gem used to be a little complex. The attributes on the configuration were locked down from editing, and sometimes buried deep in structures that mirrored th

3 min Nexpose

Introducing Nexpose 5.5 - CIS, USGCB 2, Enhanced Reporting, and Data Scalability

For those of you that don't know me, I head up the Nexpose engineering team, and we are excited to introduce the latest release, Nexpose 5.5. This release focuses on meeting three big needs that we've heard about from our customers. The first is configuration assessment. This is a big deal for organizations that are subject to regulatory or internal standards that require confirmation of specific configurations of IT assets, such as USGCB 2.0. For those organizations, proving compliance is pain

2 min Nexpose

Multi-tenant User Provisioning

Introduction: Performing bulk operations can be time consuming in Nexpose. A good example is user provisioning, which can take a long time. To save time, using the Nexpose APIs is an effective way to save you time and eliminate the error-prone process of doing everything manually. For this blog post, I want to demonstrate how you can manage users using the Nexpose API. I will be using an open source Java API client, which is available on clee-r7/nexpose_java_api · GitHub [https://github.com/clee-

1 min Nexpose

Moving from HML (High, Medium, Low) Hell to Security Heaven – Whiteboard Wednesdays

At last check there are about 22 new vulnerabilities being published and categorized every single day (see National Vulnerability Database web site - http://nvd.nist.gov/). In total, the National Vulnerability Database now contains more than 53,000 vulnerabilities. No wonder security professionals are overwhelmed with the sheer volume of vulnerabilities in their daily practices. At the same time, the prioritization schemas that many organizations use are quite basic and are either proprietary or

2 min API

How to generate reports through the API

Nexpose provides a number of API methods for report management. Through the API you can create/update a report configuration, generate a report on the fly, and view the status of the generation requests. A report configuration, in particular, is a configuration for a type of report. With a configuration, a user can specify the template, format, and content for a report. In order to create a configuration via the API, a user must generate a ReportSaveRequest. ReportSaveRequest - The report save

0 min Nexpose

Nexpose Reporting with the Java API Client

Nexpose reporting just got easier! Now you can manage and generate Nexpose reports through an interactive application that leverages the Nexpose Java API client. Here is a list of the options that are currently supported. 1. List Reports 2. Generate Reports 3. Delete Reports 4. Delete Report Configurations (and all associated reports) 5. View Report Configuration 6. View Report History Attached is a copy of the application and the source code so you can easily modify and extend its func

5 min Nexpose

Nexpose Community Edition Lab | Scanning & Reports

In the previous blog post [/2012/06/28/using-nexpose-at-home-theory], we walked through creating a virtual machine and installing Nexpose Community for use in a small lab environment. In this post, we'll highlight key features of Nexpose, run Discovery and Vulnerability scans and finally generate a report to assist with remediating those pesky vulnerabilities. To log into your Nexpose Console, open your browser and navigate to: https://localhost:3780 [https://localhost:3780/], then input th

2 min Nexpose

Getting the Most from Customizable CSV Exports - Part 2

Hi there SecurityStreet! As a Technical Proposal Writer for Rapid7, I get to do technical deep dives of Nexpose with our Engineering and Security Solutions teams. Lately I've had a lot of chances to describe the enhanced CSV exports we've added in Nexpose 5.2, but up until now I haven't gotten the chance to really show off their capabilities. As Sean Blanton said in our first demonstration [/2012/04/23/getting-the-most-from-customizable-csv-exports-part-1] of the new CSV export capabilities, us

3 min Nexpose

How to Secure Your Videoconferencing Systems: H.323 Scanning with Rapid7 Nexpose

For my inaugural post on the SecurityStreet blog, I thought it would be beneficial to highlight the H.323 coverage I recently added to Nexpose. With all the attention HD Moore's work [/2012/01/23/video-conferencing-and-self-selecting-targets] in this area garnered, it seemed that there was a definite need for this functionality, so as of Nexpose 5.2, users can scan their networks for devices running H.323 services as well as detect whether those services have the auto-answer functionality enable

2 min Nexpose

Automating Nexpose Discovery Connections through the Java API

Nexpose has long offered APIs allowing for automated workflow operations. The following examples are intended to help Nexpose users automate the discovery mechanisms feature through the API. The following code shows how to leverage the Java API client [https://github.com/clee-r7/nexpose_java_api] to create, list, update and delete discovery mechanisms in Nexpose. Nexpose supports the Discovery connection API starting with version 5.2. The supported operations on the API with regards to discovery ar

6 min Nexpose

Integrating Nexpose Community and Metasploit Community in Backtrack 5 R2

I recently packaged up the new Nexpose release so that Backtrack users can have an up-to-date version of Nexpose, straight from the Backtrack repos. This seemed like a great time to also go over installing Nexpose Community and integrating it with the already-installed Metasploit Community. 1. Getting Started: Before we get started, I would recommend grabbing a copy of Backtrack 5 R2 64-bit. The machine you want to use will need to have at a minimum 2GB of RAM and at least 5GB space on the hard

4 min Release Notes

Configuration assessment and policy management in Nexpose 5.2

We love our policy Dashboards. They are new, hot, intuitive, robust and really useful. In our latest release of Nexpose, version 5.2, we've made two major enhancements to our configuration assessment capabilities:

* A policy overview dashboard: To understand the current status of compliance of configurations delivering a summary of the policy itself.
* A policy rule dashboard: To provide further details for a particular rule and the current compliance status for that rule.

What makes th