In this article you will find:
How to Configure Rapid7 Nexpose connector
How to fetch assets and vulnerabilities from Rapid7 Nexpose
Vulnerability status mapping
How to automate remediation actions on Rapid7 Nexpose
Working with Rapid7 Insight VM
1. Configure Rapid7 Nexpose connector
In the Connectors module, click on Add a Connector.
Click on a Rapid7 connector
Fill all relevant fields:
Server URL - URL and port of your Rapid7 Nexpose account.
For example: https://ip_address:port
Username - User to authenticate with Rapid7 Nexpose.
Use a user with role 'Global Administrator'. Make sure the user has access to relevant Sites and Groups. It is also recommended to set a password that won't expire to prevent permission issues in the future.
You can view your user in the Rapid7 Nexpose platform under Administration --> Users --> Manage.
Password - Password to authenticate with Rapid7 Nexpose.
The password must match the user.
We highly recommend logging in to your Rapid7 Nexpose account with the credentials you've provided.
Click on Create
You can see the connector's progress in the Log tab
2. Fetch assets and vulnerabilities from Rapid7 Nexpose
In Assets --> Hosts, new assets from your Rapid7 account will be added to Vulcan.
In Sources, you can view the product that identified the asset.
Also, you have full visibility of vulnerabilities found on each specific asset and other important details about the asset (OS, last scan, tags, and more).
Please note that Rapid7 Host tags are a combination of the tags we get from the host and the Asset Group names.
Click on an asset in order to view its Asset Card.
All the vulnerabilities found by Rapid7 will be displayed under the Vulnerabilities tab.
Depending on your scan type, you can pull the packages installed on your asset via Rapid7 under Packages.
All the relevant data from Rapid7 is pulled and can be viewed under the Details tab.
3. Vulnerability status mapping
In Rapid7, a vulnerability can be assigned a status to indicate that it is no longer a risk. In Vulcan, these vulnerabilities will appear in the vulnerability ignored tab with the relevant status. Users can use Vulcan to ignore new vulnerabilities or continue to use Rapid7 exceptions. This table shows the status mapping:
4. Automating Remediation Actions on Rapid7 Nexpose
With Vulcan, you can automate remediation actions on specific assets.
Navigate to Automation and click on Create new Playbook.
Name your playbook. For example: “Remediate Rapid7”
Add a description to your Playbook (optional)
Choose your Playbook’s trigger (Vulnerabilities to fix)
Vulnerability from source – The connector from which we pull assets. For example: Vulnerabilities from source Rapid7.
Vulnerability where – The rule by which the playbook will be attached. For example: Vulnerability where CVSS Score is greater than 7.
On assets where – The asset’s property you wish to be automated. For example: On assets where OS is Windows.
In this example, the playbook will fix any vulnerability with a CVSS score higher than 7 that was found on assets with Windows OS and was discovered by the Rapid7 connector.
Under Remediation actions, choose an action to automate the process. For example: Open ServiceNow ticket and assign it to the relevant team.
5. Working with Rapid7 Insight VM
Communication with Insight VM is done via Rapid7 Nexpose.
If you wish to connect your Insight VM, simply enter the credentials of your Rapid7 Nexpose.