Course Description
Looking to deploy a new vulnerability management program for your organization or for personal use? Interested in automating your scanning and streamlining reporting and analysis? Geared toward security professionals who have little to no Nexpose experience, this two-day interactive class, led by a Rapid7 Security Consultant, will walk you through some basic to intermediate product features, best security practices, and techniques for vulnerability scanning various devices within a typical network environment.
For flexible and accessible learning, this course is offered both virtually and on-site at your facility. The virtual class is hosted remotely on a Rapid7 lab and features simulated exercises against multiple scenario-driven target environments. Customers who participate in on-site trainings will apply their learned skills in hands-on scenarios in their own environment.
All participants will have access to the Nexpose Certified Administrator Exam as part of their training program; go from being the student to the master and leverage the knowledge gained from class to become certified.
What You'll Learn
Introduction to Nexpose
- Nexpose Architecture
- Scan Processes and Best Practices
Installation
- Requirements and recommendations
- Installing and pairing a scan engine
Operation
- Setting up sites and viewing results
- Running manual scans
- Reporting on the environment
Administration
- Managing users, roles, and permissions
- Managing scan credentials
- Tuning scans
- Creating custom report templates
- Organizing your data
Day 1
The first day will focus on vulnerability management methodology to give you a refresher in the basic concepts and workflow of a standard vulnerability management program. During this session, you’ll start with a practical walkthrough of the graphic interface to get your bearings, then jump into Nexpose for some real scanning activities.
- Nexpose and Its Architecture
- Navigating the User Interface
- Tuning a Scan Template
- The Seven Scan Steps
- Creating a Custom Scan Template and Credentials
- Slicing & Dicing – Organizing Your Data
- Security Analytics and Automation
Day 2
After nailing down the basics on Day 1, you will have a strong understanding of Nexpose capabilities and can progress into more advanced labs. Day 2 will consist of lab and lecture and will conclude with outlying questions and delving into topics that may be specific to your particular environment.
- Planning Your Deployment
- Installing Nexpose
- Creating and Pairing Scan Engines
- Vulnerability and Risk Scoring
- Administration and Troubleshooting
- Reporting
Prerequisites
Ideally, attendees should have the following:
- Experience with Windows® and Linux Operating Systems
- Basic knowledge of network protocols
- Basic knowledge of IPv4 address spacing