Nexpose
Version: 2.0.0
Nexpose, Rapid7's on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact.
Connect Nexpose with LogicHub
- Navigate to Automations > Integrations.
- Search for Nexpose.
- Click Details, then the + icon. Enter the required information in the following fields.
- Label: Enter a connection name.
- Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
- Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).
- Remote Agent: Run this integration using the LogicHub Remote Agent.
- Nexpose Server: Server name for your Nexpose instance.
- Nexpose Server Port: Server port for your Nexpose instance.
- Username: Username for your Nexpose instance.
- Password: Password for your Nexpose instance.
- After you've entered all the details, click Connect.
Actions for Nexpose
Vulnerability Scan
Scan of a given IP address for vulnerabilities.
Input Field
| Input Name | Description | Required |
|---|---|---|
| Column name | Column name from parent table to lookup value for. Table should have only 1 row. | Required |
Get Scan Report
Retrieve the report of the latest scan.
Input Field
Choose a connection that you have previously created to complete the connection.
Find Affected Hosts
Find hosts affected by a given CVE number.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column name | Column name from parent table containing CVE Number. | Required |
Retrieve All Scans
Find all scans that are currently either active or inactive.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Scan type | Type of scan (Default is Active). | Required |
Stop Scan
Stop scan with given ID.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Column name | Column containing Scan ID. | Required |
Create Site
Creates a new site with the specified configuration. This uses the v3 API of the Nexpose.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Name | Jinja-templated text containing the name of site. Name must be unique. | Required |
| Description | Jinja-templated text containing the description of site. | Optional |
| Engine Id | Jinja-templated text containing the identifier of a scan engine. Default scan engine in your Nexpose account will be selected when not specified. | Optional |
| Template Id | Jinja-templated text containing the identifier of a scan template. Default scan template in your nexpose account will be selected when not specified. | Optional |
| Included Targets | Jinja-templated json containing the addresses to be included in the site's scan. Eg {"addresses": ["string"],"links": [{"href": "https://hostname:3780/api/3/...","rel": "self"}]} | Required |
| Excluded Targets | Jinja-templated json containing the addresses to be excluded in the site's scan. Eg {"addresses": ["string"],"links": [{"href": "https://hostname:3780/api/3/...","rel": "self"}]} | Optional |
Output
A JSON object containing row of result:
{
"has_error": false,
"id": 38,
"links": [{
"href": "https://localhost:3780/api/3/sites",
"rel": "self"
}, {
"href": "https://localhost:3780/api/3/sites/38",
"rel": "Site"
}],
"error": null
}
Delete Site
Deletes a specific site. This uses the v3 API of the Nexpose.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Site Id | Jinja-templated text containing the site Id to be deleted. | Required |
Output
A JSON object containing row of result:
{
"has_error": false,
"links": [{
"href": "https://localhost:3780/api/3/sites/38",
"rel": "self"
}],
"error": null
}
Create Site Scan
Creates a new scan schedule for the specified site. This uses the v3 API of the Nexpose.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Site Id | Jinja-templated text containing the id of the Site for which Scan Schedule has to be created. | Required |
| Duration | Jinja-templated text containing the maximum duration the scheduled scan is allowed to run.For example, 'P5DT10H30M' represents a duration of '5 days, 10 hours, and 30 minutes'. | Required |
| Enabled | The boolean value indicating whether the scan schedule is enabled. Default is 'False'. | Optional |
| onScanRepeat | Jinja-templated text containing the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching is maximum duration. Supported values are 'restart-scan' and 'resume-scan'. | Required |
| Repeat Day of Week | Jinja-templated text containing the day of the week the scheduled task should repeat. This property only applies to schedules with a 'Repeat Every' value of 'day-of-month'. | Optional |
| Repeat Every | Jinja-templated text containing the frequency schedule repeats. Each value represents a different unit of time and is used in conjunction with the property 'Repeat Interval'. Supported values are 'hour', 'day', 'week', 'date-of-month', 'day-of-month'". | Required |
| Repeat Interval | Jinja-templated number containing the interval time in which schedule should repeat. The is depends on the value set in 'Repeat Every'. For example, if the value in property every is set to 'day' and interval is set to 2, then the schedule will repeat every 2 days. | Required |
| Repeat Last Day of Month | The boolean value to enable repeating last day of month. Default is False. | Optional |
| Repeat Week of Month | Jinja-templated text containing the week of the month the scheduled task should repeat. For This property only applies to schedules with a 'Repeat Every' value of 'day-of-month'. Each week of the month is counted in 7-day increments. For example, week 1 consists of days 1-7 of the month while week 2 consists of days 8-14 of the month and so forth. | Optional |
| Scan Engine Id | Jinja-templated text containing the identifier of the scan engine to be used for this scan schedule. If not set, the site's assigned scan engine will be used. | Optional |
| Scan Template Id | Jinja-templated text containing the identifier of the scan template to be used for this scan schedule. If not set, the site's assigned scan template will be used. | Optional |
| Start | Jinja-templated text containing the scheduled start date and time. Date is represented in ISO 8601 format (Example: '2022-03-28T04:31:56Z'). Repeating schedules will determine the next schedule to begin based on this date and time. | Required |
Output
A JSON object containing row of result:
{
"has_error": false,
"id": 1,
"links": [{
"href": "https://localhost:3780/api/3/sites/38/scan_schedules",
"rel": "self"
}, {
"href": "https://localhost:3780/api/3/sites/38",
"rel": "Site"
}],
"error": null
}
Delete Site Scan
Deletes all scan schedules from the site. This uses the v3 API of the Nexpose.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
| Input Name | Description | Required |
|---|---|---|
| Site Id | Jinja-templated text containing the identifier of the Site. | Required |
Output
A JSON object containing row of result:
{
"has_error": false,
"links": [{
"href": "https://localhost:3780/api/3/sites/38/scan_schedules",
"rel": "self"
}],
"error": null
}
Release Notes
v2.0.0- Updated architecture to support IO via filesystemv1.1.3- MadeRepeat Day of WeekandRepeat Week of Monthfields as optional fields.v1.1.2- Added 4 new actionsCreate Site,Delete Site,Create Site ScanandDelete Site Scan.
Updated about 1 year ago