Overview
The Security Flow RAPID7 InsightVM / Nexpose Plugin adds site management, site asset management, site scanning capabilities, asset searching and querying, and vulnerability searching and querying.
Functionality
This plugin supports operations to:
- list sites, create sites, and retrieve information on a site
- list site assets, add site assets, and remove site assets
- scan a site, retrieve a scan result, and set the status of a scan
- retrieve asset information, policies, services, and vulnerabilities
- search for assets using filters
- retrieve vulnerability information
- search for vulnerabilities using a keyword search
Instance Configuration Parameters
Name for InsightVM / Nexpose instance.
Unique name for the InsightVM / Nexpose Instance.
InsightVM / Nexpose server IP address or hostname.
Port number InsightVM / Nexpose is running on; typically this will be port 3780.
Username for the InsightVM / Nexpose server.
Password for the InsightVM / Nexpose server.
Number of seconds to timeout a session with the InsightVM / Nexpose server.
Flow Nodes
The display name of the node within the flows.
System-wide unique ID of the plugin instance.
Configuration option determining the type of operation to perform:
- Find Assets – Searches for matching assets based on the Filters Array and Match Mode. The maximum number of returned assets may be limited by setting a Size Limit.
- Get Asset – Retrieves a number of bits of information about an asset identified by its Asset ID.
- Get Asset Policies – Retrieves detailed policy information for an asset identified by its Asset ID.
- Get Asset Services – Retrieves detailed service information for an asset identified by its Asset ID.
- Get Asset Vulnerabilities – Retrieves detailed vulnerability information for an asset identified by its Asset ID.
Successful results for an action are placed in msg.payload.nexpose.[uniqueId].response. For the Find Assets action, an array of matching resources is returned within the response.
The Filters Array field is a JSON array of Search Criteria supporting variable substitution from the incoming message using a mustache format. Learn more about searching and filtering of assets by referencing the InsightVM API Asset Search page and the InsightVM API Search Criteria page. A mustache is a set of double curly braces surrounding a variable, i.e. {{ variable }}. For example, {{payload.data}} would substitute in the value of payload.data found in the incoming message. Visit the Template Engine and Formatters page to learn more.
Boolean logic operator for the Filters Array. Allows for either boolean AND or boolean OR.
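The substitution described above places message values inside JSON text, so a value containing quotes can change the shape of the Filters Array unless it is escaped and the result is checked. The following is an added example, not the plugin's code: the field and operator names are assumed from the InsightVM Search Criteria format, the allowlist and sample values are constructed, and how the plugin's own template engine escapes values is not stated on this page.

```javascript
// Added example, not the plugin's code. ALLOWED is an illustrative allowlist,
// not the complete InsightVM Search Criteria field/operator set.
const ALLOWED = new Map([
  ["ip-address", ["is", "is-not"]],
  ["host-name", ["is", "contains", "starts-with"]],
]);

// Resolve a dotted path such as "payload.data" against the incoming message.
function lookup(msg, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), msg);
}

// Raw text substitution: the value lands in the JSON unescaped.
function renderRaw(template, msg) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, p) => String(lookup(msg, p)));
}

// Escaped substitution: JSON.stringify(...).slice(1, -1) escapes quotes and
// backslashes, so the value cannot close the surrounding JSON string.
function renderEscaped(template, msg) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, p) => {
    const v = lookup(msg, p);
    if (v == null) throw new Error("no value for " + p);
    return JSON.stringify(String(v)).slice(1, -1);
  });
}

// Parse rendered text and reject criteria outside the allowlist.
function validateFilters(rendered) {
  const filters = JSON.parse(rendered);
  if (!Array.isArray(filters)) throw new Error("Filters Array must be a JSON array");
  for (const f of filters) {
    const ops = f && ALLOWED.get(f.field);
    if (!ops || !ops.includes(f.operator) || typeof f.value !== "string") {
      throw new Error("criterion not allowed: " + JSON.stringify(f));
    }
  }
  return filters;
}

// Constructed sample template and a constructed value carrying JSON syntax.
const TEMPLATE = '[{"field":"host-name","operator":"contains","value":"{{payload.data}}"}]';
const CRAFTED = 'x"},{"field":"ip-address","operator":"is-not","value":"0.0.0.0';
const msg = { payload: { data: CRAFTED } };

console.log(JSON.parse(renderRaw(TEMPLATE, msg)).length);          // 2
console.log(validateFilters(renderEscaped(TEMPLATE, msg)).length); // 1
```

With raw substitution the crafted value becomes a second search criterion; with escaping it stays a single string value that the allowlist check then accepts or rejects as a whole.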
The maximum number of search results to return.
The InsightVM / Nexpose ID number for the asset.
The display name of the node within the flows.
System-wide unique ID of the plugin instance.
Configuration option determining the type of operation to perform:
- List Sites – Retrieves the current list of sites.
- Get Site (Site ID) – Retrieves the meta data for the specified site identified by site ID.
- Get Site (Site Name) – Retrieves the meta data for the specified site identified by site name.
- Create Site – Creates a new site.
- List Assets (Site ID) – Returns the list of active assets within the specified site identified by site ID.
- List Assets (Site Name) – Returns the list of active assets within the specified site identified by site name.
- Add Asset(s) (Site ID) – Adds an asset to the specified site identified by site ID.
- Add Asset(s) (Site Name) – Adds an asset to the specified site identified by site name.
- Delete Asset(s) (Site ID) – Deletes active or defined assets from the specified site identified by site ID.
- Delete Asset(s) (Site Name) – Deletes active or defined assets from the specified site identified by site name.
- Scan Site (Site ID) – Initiates a scan of the specified site identified by site ID.
- Scan Site (Site Name) – Initiates a scan of the specified site identified by site name.
- Get Scan Information – Retrieves information for a scan identified by scan ID.
- Get Scan Results – Retrieves the results of a scan identified by scan ID. This action will block the message until the scan’s status has transitioned to aborted, unknown, finished, stopped, or error.
- Set Scan Status – Sets the status for a scan given the scan ID number.
Successful results for an action are placed in msg.payload.nexpose.[uniqueId].response. If the action returns multiple assets or sites, an array of resources is returned within the response.
The ID number of a specific site.
The unique name of a site.
The Asset(s) may be specified as a host name, IP address, CIDR block (192.168.1.0/24), or IP address range (startIp-endIp).
When starting a new scan using the Scan Site (Site ID) action or the Scan Site (Site Name) action, this is the name of the newly created scan.
When starting a new scan using the Scan Site (Site ID) or the Scan Site (Site Name) action, this is the number of the scan engine to use. The scan engine information is available by retrieving a site’s meta data using the Get Site (Site ID) or Get Site (Site Name) action and referencing the scanEngine value from the response.
When starting a new scan using the Scan Site (Site ID) or the Scan Site (Site Name) action, this is the scan template string. The scan template information is available by retrieving a site’s meta data using the Get Site (Site ID) or Get Site (Site Name) action and referencing the scanTemplate value from the response.
When starting a new scan using the Scan Site (Site ID) or the Scan Site (Site Name) action, this field, while optional, is used to limit the assets scanned. It must be supplied as an array of IP addresses and host names. If not supplied, all assets in the site are scanned.
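Because the Asset(s) field and the scan's asset list accept several address forms, a flow can check each entry against an approved scope before an Add Asset(s) or Scan Site action runs. The following is an added example, not the plugin's code; the function names, the approved block and the host names are constructed for illustration.

```javascript
// Added example, not the plugin's code. Approved scope values are constructed.
// IPv4 dotted quad -> unsigned 32-bit integer, or null if malformed.
function ipToInt(s) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(s);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  return o.some((n) => n > 255) ? null : o.reduce((acc, n) => acc * 256 + n, 0);
}

const HOST_RE = /^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i;

// Classify one Asset(s) entry: host name, IP address, CIDR block or startIp-endIp.
function parseAsset(spec) {
  const s = String(spec).trim();
  const cidr = /^([\d.]+)\/(\d{1,2})$/.exec(s);
  if (cidr) {
    const base = ipToInt(cidr[1]);
    const bits = Number(cidr[2]);
    if (base === null || bits > 32) throw new Error("bad CIDR: " + s);
    const size = 2 ** (32 - bits);
    const lo = Math.floor(base / size) * size; // clear the host bits
    return { kind: "cidr", lo, hi: lo + size - 1 };
  }
  const range = /^([\d.]+)\s*-\s*([\d.]+)$/.exec(s);
  if (range) {
    const lo = ipToInt(range[1]);
    const hi = ipToInt(range[2]);
    if (lo === null || hi === null || lo > hi) throw new Error("bad range: " + s);
    return { kind: "range", lo, hi };
  }
  const ip = ipToInt(s);
  if (ip !== null) return { kind: "ip", lo: ip, hi: ip };
  // All-numeric strings such as 999.1.1.1 are malformed IPs, not host names.
  if (HOST_RE.test(s) && !/^[\d.]+$/.test(s)) return { kind: "host", name: s.toLowerCase() };
  throw new Error("unrecognised asset entry: " + s);
}

// Return the entries that fall outside the approved blocks / host list.
function outOfScope(specs, approvedCidrs, approvedHosts = []) {
  const blocks = approvedCidrs.map(parseAsset);
  return specs.filter((spec) => {
    const a = parseAsset(spec);
    if (a.kind === "host") return !approvedHosts.includes(a.name);
    return !blocks.some((b) => a.lo >= b.lo && a.hi <= b.hi);
  });
}

// Constructed sample: the second entry lies outside the approved 192.168.1.0/24.
console.log(outOfScope(["192.168.1.10-192.168.1.20", "192.168.2.5"], ["192.168.1.0/24"]));
```

A range that starts inside the approved block but ends outside it is reported as out of scope, and malformed entries raise an error instead of being passed on.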
The scan ID number of interest. This number is usually obtained from a previous node in the flow configured with the Scan Site (Site ID) or the Scan Site (Site Name) action.
The display name of the node within the flows.
System-wide unique ID of the plugin instance.
Configuration option determining the type of operation to perform:
- Find Vulnerabilities – Searches vulnerability checks for the Search Term and returns information about the matching vulnerabilities. The maximum number of returned assets may be limited by setting a Size Limit.
- Get Vulnerability – Retrieves information about a vulnerability identified by its Vulnerability ID.
Successful results for an action are placed in msg.payload.nexpose.[uniqueId].response. For the Find Vulnerabilities action, an array of matching resources is returned within the response. For all vulnerabilities, an array of affected asset IDs is set within the affectedAssetIds field.
The search terms to use when performing a search of vulnerability checks within InsightVM / Nexpose.
The maximum number of search results to return.
The InsightVM / Nexpose ID string for the vulnerability.
©Nevelex Labs, LLC. 2018-2024, All Rights Reserved.