RAPID7 InsightVM / Nexpose

Overview

The Security Flow RAPID7 InsightVM / Nexpose Plugin adds site management, site asset management, site scanning capabilities, asset searching and querying, and vulnerability searching and querying.

Functionality

This plugin supports operations to:

  • list sites, create sites, and retrieve information on a site
  • list site assets, add site assets, and remove site assets
  • scan a site, retrieve a scan result, and set the status of a scan
  • retrieve asset information, policies, services, and vulnerabilities
  • search for assets using filters
  • retrieve vulnerability information
  • search for vulnerabilities using a keyword search

Instance Configuration Parameters

Property
Description

Instance Name

Name for InsightVM / Nexpose instance.


Unique ID

Unique name for the InsightVM / Nexpose Instance.


Server

InsightVM / Nexpose server IP address or hostname.


Server Port

Port number InsightVM / Nexpose is running on; typically this will be port 3780.


Username

Username for the InsightVM / Nexpose server.


Password

Password for the InsightVM / Nexpose server.


API Session Timeout

Number of seconds before a session with the InsightVM / Nexpose server times out.

Flow Nodes

This node provides Rapid7 InsightVM / Nexpose capabilities to search for assets and retrieve information about an asset.
Property
Description

Name

The display name of the node within the flows.


Unique ID

System-wide unique ID of the plugin instance.


Action

Configuration option determining the type of operation to perform:

  • Find Assets – Searches for matching assets based on the Filters Array and Match Mode. The maximum number of returned assets may be limited by setting a Size Limit.
  • Get Asset – Retrieves information about an asset identified by its Asset ID.
  • Get Asset Policies – Retrieves detailed policy information for an asset identified by its Asset ID.
  • Get Asset Services – Retrieves detailed service information for an asset identified by its Asset ID.
  • Get Asset Vulnerabilities – Retrieves detailed vulnerability information for an asset identified by its Asset ID.

Successful results for an action are placed in msg.payload.nexpose.[uniqueId].response. For the Find Assets action, an array of matching resources is returned within the response.


Filters Array

The Filters Array field is a JSON array of Search Criteria supporting variable substitution from the incoming message using a mustache format. Learn more about searching and filtering of assets by referencing the InsightVM API Asset Search page and the InsightVM API Search Criteria page. A mustache is a set of double curly braces surrounding a variable, i.e. {{ variable }}. For example, {{payload.data}} would substitute in the value of payload.data found in the incoming message. Visit the Template Engine and Formatters page to learn more.


Match Mode

Boolean logic operator for the Filters Array. Allows for either boolean AND or boolean OR.


Size Limit

The maximum number of search results to return.


Asset ID

The InsightVM / Nexpose ID number for the asset.
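
The Filters Array field described above takes values from the incoming message, so a value containing a quote can change the criteria that reach the server. The following added example (not the plugin's own code) assumes {{path}} is substituted textually before the JSON is parsed, and compares that with JSON-escaped substitution; the function names, template and messages are constructed for illustration.

```javascript
// Added example: render a Filters Array template against an incoming message.
// Assumption: {{path}} is replaced textually before the JSON is parsed; the
// plugin's real template engine may behave differently.

// Resolve a dotted path such as "payload.data" inside the message object.
function lookup(msg, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), msg);
}

// Textual substitution with no escaping, shown for comparison only.
function renderNaive(template, msg) {
  return template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, p) => String(lookup(msg, p)));
}

// Substitute each {{ path }} with a JSON-escaped string body, so quotes or
// backslashes in message data cannot end the surrounding JSON string, then
// parse and check the shape of every search criterion.
function renderFilters(template, msg) {
  const rendered = template.replace(/\{\{\s*([\w.]+)\s*\}\}/g, (_, path) => {
    const value = lookup(msg, path);
    if (value === undefined || value === null) {
      throw new Error(`missing variable: ${path}`);
    }
    return JSON.stringify(String(value)).slice(1, -1);
  });
  const filters = JSON.parse(rendered);
  if (!Array.isArray(filters)) throw new Error('Filters Array must be a JSON array');
  for (const f of filters) {
    if (typeof f.field !== 'string' || typeof f.operator !== 'string') {
      throw new Error('each criterion needs a string "field" and "operator"');
    }
  }
  return filters;
}

// Constructed sample template and messages.
const TEMPLATE = '[{"field":"host-name","operator":"is","value":"{{payload.data}}"}]';
const benign = { payload: { data: 'web01.example.test' } };
// A value with embedded quotes: unescaped, it adds a second "operator" key.
const quoted = { payload: { data: 'web01","operator":"contains' } };

console.log(JSON.parse(renderNaive(TEMPLATE, quoted))); // operator overridden
console.log(renderFilters(TEMPLATE, quoted));           // operator stays "is"
```
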

This node provides Rapid7 InsightVM / Nexpose capabilities for managing sites, managing site assets, and managing site scans.
Property
Description

Name

The display name of the node within the flows.


Unique ID

System-wide unique ID of the plugin instance.


Action

Configuration option determining the type of operation to perform:

  • List Sites – Retrieves the current list of sites.
  • Get Site (Site ID) – Retrieves the meta data for the specified site identified by site ID.
  • Get Site (Site Name) – Retrieves the meta data for the specified site identified by site name.
  • Create Site – Creates a new site.
  • List Assets (Site ID) – Returns the list of active assets within the specified site identified by site ID.
  • List Assets (Site Name) – Returns the list of active assets within the specified site identified by site name.
  • Add Asset(s) (Site ID) – Adds an asset to the specified site identified by site ID.
  • Add Asset(s) (Site Name) – Adds an asset to the specified site identified by site name.
  • Delete Asset(s) (Site ID) – Deletes active or defined assets from the specified site identified by site ID.
  • Delete Asset(s) (Site Name) – Deletes active or defined assets from the specified site identified by site name.
  • Scan Site (Site ID) – Initiates a scan of the specified site identified by site ID.
  • Scan Site (Site Name) – Initiates a scan of the specified site identified by site name.
  • Get Scan Information – Retrieves information for a scan identified by scan ID.
  • Get Scan Results – Retrieves the results of a scan identified by scan ID. This action will block the message until the scan’s status has transitioned to aborted, unknown, finished, stopped, or error.
  • Set Scan Status – Sets the status for a scan given the scan ID number.

Successful results for an action are placed in msg.payload.nexpose.[uniqueId].response. If the action returns multiple assets or sites, an array of resources is returned within the response.


Site ID

The ID number of a specific site.


Site Name

The unique name of a site.


Asset(s)

The Asset(s) may be specified as a host name, IP address, CIDR block (192.168.1.0/24), or IP address range (startIp-endIp).


Scan Name

When starting a new scan using the Scan Site (Site ID) action or the Scan Site (Site Name) action, this is the name of the newly created scan.


Engine ID

When starting a new scan using the Scan Site (Site ID) or the Scan Site (Site Name) action, this is the number of the scan engine to use. The scan engine information is available by retrieving a site’s meta data using the Get Site (Site ID) or Get Site (Site Name) action and referencing the scanEngine value from the response.


Template ID

When starting a new scan using the Scan Site (Site ID) or the Scan Site (Site Name) action, this is the scan template string. The scan template information is available by retrieving a site’s meta data using the Get Site (Site ID) or Get Site (Site Name) action and referencing the scanTemplate value from the response.


Scan Hosts

When starting a new scan using the Scan Site (Site ID) or the Scan Site (Site Name) action, this field, while optional, is used to limit the assets scanned. It must be supplied as an array of IP addresses and host names. If not supplied, all assets in the site are scanned.


Scan ID

The scan ID number of interest. This number is usually obtained from a previous node in the flow configured with the Scan Site (Site ID) or the Scan Site (Site Name) action.
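
The Asset(s) field above accepts four forms, and a flow that adds assets or starts scans from message data should confirm the value is inside approved scope first. The following added example (not the plugin's own code) parses the four documented forms and checks address forms against an allowlist; it assumes IPv4 only, and APPROVED and the function names are hypothetical.

```javascript
// Added example: classify an Asset(s) value and check it against approved scope.
// Assumptions: IPv4 only; APPROVED is a hypothetical allowlist of CIDR blocks.

function ipToInt(ip) {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Returns {kind, lo, hi} for address forms, {kind: 'hostname'} for names,
// or null when the value matches none of the four documented forms.
function parseAssetSpec(spec) {
  const s = spec.trim();
  const cidr = s.match(/^([\d.]+)\/(\d{1,2})$/);
  if (cidr) {
    const base = ipToInt(cidr[1]);
    const bits = Number(cidr[2]);
    if (base === null || bits > 32) return null;
    const size = 2 ** (32 - bits);
    const lo = Math.floor(base / size) * size;
    return { kind: 'cidr', lo, hi: lo + size - 1 };
  }
  const range = s.match(/^([\d.]+)-([\d.]+)$/);
  if (range) {
    const lo = ipToInt(range[1]);
    const hi = ipToInt(range[2]);
    return lo === null || hi === null || lo > hi ? null : { kind: 'range', lo, hi };
  }
  const ip = ipToInt(s);
  if (ip !== null) return { kind: 'ip', lo: ip, hi: ip };
  const host = /^(?=.{1,253}$)[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)*$/i;
  return host.test(s) && !/^[\d.]+$/.test(s) ? { kind: 'hostname' } : null;
}

// True only when the whole interval sits inside one approved block.
// Hostnames cannot be range-checked here, so they are not auto-approved.
function inScope(spec, approvedCidrs) {
  const t = parseAssetSpec(spec);
  if (!t || t.kind === 'hostname') return false;
  return approvedCidrs.some((c) => {
    const a = parseAssetSpec(c);
    return a !== null && a.kind === 'cidr' && a.lo <= t.lo && t.hi <= a.hi;
  });
}

const APPROVED = ['192.168.1.0/24', '10.20.0.0/16']; // constructed sample scope
```
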

This node provides Rapid7 InsightVM / Nexpose capabilities to search for vulnerabilities and retrieve information about a vulnerability.
Property
Description

Name

The display name of the node within the flows.


Unique ID

System-wide unique ID of the plugin instance.


Action

Configuration option determining the type of operation to perform:

  • Find Vulnerabilities – Searches vulnerability checks for the Search Term and returns information about the matching vulnerabilities. The maximum number of returned results may be limited by setting a Size Limit.
  • Get Vulnerability – Retrieves information about a vulnerability identified by its Vulnerability ID.

Successful results for an action are placed in msg.payload.nexpose.[uniqueId].response. For the Find Vulnerabilities action, an array of matching resources is returned within the response. For all vulnerabilities, an array of affected asset IDs is set within the affectedAssetIds field.


Search Term

The search terms to use when performing a search of vulnerability checks within InsightVM / Nexpose.


Size Limit

The maximum number of search results to return.


Vulnerability ID

The InsightVM / Nexpose ID string for the vulnerability.

©Nevelex Labs, LLC. 2018-2021, All Rights Reserved.
