Note - the following article works for both InsightVM and Nexpose products by Rapid7.
If you are currently working with Nexpose/InsightVM and would like to retrieve relevant data such as vulnerabilities and vulnerable endpoints, you can set up an integration with JetPatch and Nexpose. The collected data from Nexpose automatically arrives via API calls.
Prerequisites
- Communication to Nexpose server from the JetPatch application server must be allowed
- Admin user (required by Rapid7 for API access)
Nexpose Configuration in JetPatch
The following configurations are made in the intigua.properties file.
To edit the properties file:
- SSH to JetPatch application server
- Stop Tomcat (run command service tomcat stop)
- vi /usr/share/tomcat/default/conf/intigua.properties
- Add the Relevant configuration as below
- Save and exit
- Restart tomcat (run command service tomcat restart)
Note: By default, the matching criteria between JetPatch and the Vulnerability Scanner is merged on hostname, DNS name, and IP address. If you prefer to match on only one or two of those criteria, see this article.
Nexpose Connection:
########################################################################
# "Nexpose" integration. Provided properties for Nexpose integration #
########################################################################
pg.nexpose.enable=true
pg.nexpose.host.url=https://30.30.0.0:3780
pg.nexpose.username=John
pg.nexpose.password=1234567
#Generate nexpose report per server (see Download an Endpoint's Nexpose Report below)
pg.nexpose.report-name=JetPatch-CSV
Post-Configuration Actions
Once the integration with Nexpose is established, you will be able to:
- Review all patch related vulnerabilities that are reported by Nexpose/InsightVM
- Create a Remediation plan based on Nexpose
- Download Nexpose Report per endpoint server
- Clear data derived from Nexpose
Troubleshooting: Test Communication and User Access
Run the following command from the JetPatch server manager
curl -k -u USERNAME:PASSWORD https://NEXPOSE:3780/api/3/assetswhere username and password are the Nexpose's credentials and NEXPOSE is the Nexpose URL or IP.
Note: curl test does not work if password has special characters in it.
Additional Configuration
Nexpose Advanced Properties
# Size of the page in API request
pg.nexpose.page.size=500
# Concurrent jobs
pg.nexpose.concurrent.jobs=10
# Max number of connections
pg.nexpose.connection.num.total=20
# Max number of connections per route
pg.nexpose.connection.num.route=2
# The timeout until the server establishes a connection
pg.nexpose.connection.timeout.ms=-1
# The timeout until server responds AFTER a connection is established
pg.nexpose.socket.timeout.ms=60000
General Vulnerability Scanner Properties
Please check the "General Configuration" section in the Vulnerability Scanners Integration article.
Comments
0 comments
Please sign in to leave a comment.