Nexpose

Version: 2.0.0

Nexpose, Rapid7's on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact.

Connect Nexpose with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Nexpose.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Nexpose Server: Server name for your Nexpose instance.
    • Nexpose Server Port: Server port for your Nexpose instance.
    • Username: Username for your Nexpose instance.
    • Password: Password for your Nexpose instance.
  4. After you've entered all the details, click Connect.

Actions for Nexpose

Vulnerability Scan

Scans a given IP address for vulnerabilities.

Input Field

Input Name | Description | Required
Column name | Column name from parent table to look up the value for. The table should have only 1 row. | Required

Get Scan Report

Retrieve the report of the latest scan.

Input Field

Choose a connection that you have previously created to complete the connection.

Find Affected Hosts

Find hosts affected by a given CVE number.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Column name | Column name from parent table containing CVE Number. | Required

Retrieve All Scans

Find all scans that are currently either active or inactive.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Scan type | Type of scan (Default is Active). | Required

Stop Scan

Stop scan with given ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Column name | Column containing Scan ID. | Required

Create Site

Creates a new site with the specified configuration. This uses the Nexpose v3 API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Name | Jinja-templated text containing the name of the site. The name must be unique. | Required
Description | Jinja-templated text containing the description of the site. | Optional
Engine Id | Jinja-templated text containing the identifier of a scan engine. The default scan engine in your Nexpose account is selected when not specified. | Optional
Template Id | Jinja-templated text containing the identifier of a scan template. The default scan template in your Nexpose account is selected when not specified. | Optional
Included Targets | Jinja-templated JSON containing the addresses to be included in the site's scan. Example: {"addresses": ["string"],"links": [{"href": "https://hostname:3780/api/3/...","rel": "self"}]} | Required
Excluded Targets | Jinja-templated JSON containing the addresses to be excluded from the site's scan. Example: {"addresses": ["string"],"links": [{"href": "https://hostname:3780/api/3/...","rel": "self"}]} | Optional

Output

A JSON object containing row of result:

{
	"has_error": false,
	"id": 38,
	"links": [{
		"href": "https://localhost:3780/api/3/sites",
		"rel": "self"
	}, {
		"href": "https://localhost:3780/api/3/sites/38",
		"rel": "Site"
	}],
	"error": null
}

Delete Site

Deletes a specific site. This uses the Nexpose v3 API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Site Id | Jinja-templated text containing the site Id to be deleted. | Required

Output

A JSON object containing row of result:

{
	"has_error": false,
	"links": [{
		"href": "https://localhost:3780/api/3/sites/38",
		"rel": "self"
	}],
	"error": null
}

Create Site Scan

Creates a new scan schedule for the specified site. This uses the Nexpose v3 API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Site Id | Jinja-templated text containing the id of the Site for which the Scan Schedule has to be created. | Required
Duration | Jinja-templated text containing the maximum duration the scheduled scan is allowed to run. For example, 'P5DT10H30M' represents a duration of '5 days, 10 hours, and 30 minutes'. | Required
Enabled | The boolean value indicating whether the scan schedule is enabled. Default is 'False'. | Optional
onScanRepeat | Jinja-templated text containing the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching its maximum duration. Supported values are 'restart-scan' and 'resume-scan'. | Required
Repeat Day of Week | Jinja-templated text containing the day of the week the scheduled task should repeat. This property only applies to schedules with a 'Repeat Every' value of 'day-of-month'. | Optional
Repeat Every | Jinja-templated text containing the frequency at which the schedule repeats. Each value represents a different unit of time and is used in conjunction with the property 'Repeat Interval'. Supported values are 'hour', 'day', 'week', 'date-of-month', 'day-of-month'. | Required
Repeat Interval | Jinja-templated number containing the interval at which the schedule should repeat. This depends on the value set in 'Repeat Every'. For example, if 'Repeat Every' is set to 'day' and the interval is set to 2, then the schedule will repeat every 2 days. | Required
Repeat Last Day of Month | The boolean value to enable repeating on the last day of the month. Default is False. | Optional
Repeat Week of Month | Jinja-templated text containing the week of the month the scheduled task should repeat. This property only applies to schedules with a 'Repeat Every' value of 'day-of-month'. Each week of the month is counted in 7-day increments. For example, week 1 consists of days 1-7 of the month while week 2 consists of days 8-14 of the month and so forth. | Optional
Scan Engine Id | Jinja-templated text containing the identifier of the scan engine to be used for this scan schedule. If not set, the site's assigned scan engine will be used. | Optional
Scan Template Id | Jinja-templated text containing the identifier of the scan template to be used for this scan schedule. If not set, the site's assigned scan template will be used. | Optional
Start | Jinja-templated text containing the scheduled start date and time. The date is represented in ISO 8601 format (Example: '2022-03-28T04:31:56Z'). Repeating schedules will determine the next schedule to begin based on this date and time. | Required

Output

A JSON object containing row of result:

{
	"has_error": false,
	"id": 1,
	"links": [{
		"href": "https://localhost:3780/api/3/sites/38/scan_schedules",
		"rel": "self"
	}, {
		"href": "https://localhost:3780/api/3/sites/38",
		"rel": "Site"
	}],
	"error": null
}
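
The Create Site Scan inputs above carry several format constraints (ISO 8601 duration and start time, fixed value lists, fields that only apply to 'day-of-month' schedules). The following pre-flight check is an added example, not LogicHub or Rapid7 code; the dictionary key names and the restriction of durations to day/hour/minute/second parts are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Allowed values as listed in the Create Site Scan input table.
ON_SCAN_REPEAT = {"restart-scan", "resume-scan"}
REPEAT_EVERY = {"hour", "day", "week", "date-of-month", "day-of-month"}
# ISO 8601 duration limited to D/H/M/S parts (assumption: no year or month parts).
_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def parse_duration(text):
    """Convert an ISO 8601 duration such as 'P5DT10H30M' to a timedelta."""
    m = _DURATION.match(text)
    if not m or not any(m.groups()):
        raise ValueError(f"not an ISO 8601 duration: {text!r}")
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)


def week_of_month(day):
    """Weeks are counted in 7-day increments: days 1-7 -> 1, 8-14 -> 2, ..."""
    return (day - 1) // 7 + 1


def validate_schedule(fields):
    """Return problems found in a dict of Create Site Scan inputs (hypothetical key names)."""
    problems = []
    try:
        if parse_duration(str(fields.get("duration"))) <= timedelta(0):
            problems.append("duration must be positive")
    except ValueError as exc:
        problems.append(str(exc))
    if fields.get("on_scan_repeat") not in ON_SCAN_REPEAT:
        problems.append("onScanRepeat must be 'restart-scan' or 'resume-scan'")
    every = fields.get("repeat_every")
    if every not in REPEAT_EVERY:
        problems.append(f"unsupported Repeat Every value: {every!r}")
    interval = fields.get("repeat_interval")
    if not isinstance(interval, int) or isinstance(interval, bool) or interval < 1:
        problems.append("Repeat Interval must be a positive integer")
    if every != "day-of-month":
        for key in ("repeat_day_of_week", "repeat_week_of_month"):
            if fields.get(key):
                problems.append(f"{key} only applies when Repeat Every is 'day-of-month'")
    try:
        datetime.strptime(str(fields.get("start")), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        problems.append("start must look like '2022-03-28T04:31:56Z'")
    return problems
```

An empty list means the inputs match the formats in the table; running the check before the action surfaces a malformed schedule before it reaches the API.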

Delete Site Scan

Deletes all scan schedules from the site. This uses the Nexpose v3 API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
Site Id | Jinja-templated text containing the identifier of the Site. | Required

Output

A JSON object containing row of result:

{
	"has_error": false,
	"links": [{
		"href": "https://localhost:3780/api/3/sites/38/scan_schedules",
		"rel": "self"
	}],
	"error": null
}

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem
  • v1.1.3 - Made the Repeat Day of Week and Repeat Week of Month fields optional.
  • v1.1.2 - Added 4 new actions: Create Site, Delete Site, Create Site Scan and Delete Site Scan.