Nexpose, Rapid7's on-premise option for vulnerability management software, monitors exposures in real-time and adapts to new threats with fresh data, ensuring you can always act at the moment of impact.

Connect Nexpose with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Nexpose.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select this option to verify the connecting server's SSL certificate (default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Nexpose Server: Server name for your Nexpose instance.

  9. Nexpose Server Port: Server port for your Nexpose instance.

  10. Username: Username for your Nexpose instance.

  11. Password: Password for your Nexpose instance.

  12. After you've entered all the details, click Connect.

Actions for Nexpose

Vulnerability Scan

Scans a given IP address for vulnerabilities.

Input Field

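| Input Name  | Description                                                                               | Required |
| :---------- | :---------------------------------------------------------------------------------------- | :------- |
| Column name | Column name from the parent table to look up the value for. The table should have only 1 row. | Required |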

Get Scan Report

Retrieve the report of the latest scan.

Input Field

Choose a connection that you have previously created to complete the connection.

Find Affected Hosts

Find hosts affected by a given CVE number.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name  | Description                                         | Required |
| :---------- | :-------------------------------------------------- | :------- |
| Column name | Column name from parent table containing CVE Number. | Required |

Retrieve All Scans

Find all scans that are currently either active or inactive.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description                       | Required |
| :--------- | :-------------------------------- | :------- |
| Scan type  | Type of scan (Default is Active). | Required |

Stop Scan

Stop scan with given ID.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name  | Description                | Required |
| :---------- | :------------------------- | :------- |
| Column name | Column containing Scan ID. | Required |

Create Site

Creates a new site with the specified configuration. This uses the Nexpose v3 API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Name | Jinja-templated text containing the name of the site. The name must be unique. | Required |
| Description | Jinja-templated text containing the description of the site. | Optional |
| Engine Id | Jinja-templated text containing the identifier of a scan engine. The default scan engine in your Nexpose account is selected when not specified. | Optional |
| Template Id | Jinja-templated text containing the identifier of a scan template. The default scan template in your Nexpose account is selected when not specified. | Optional |
| Included Targets | Jinja-templated JSON containing the addresses to be included in the site's scan. For example: `{"addresses": ["string"],"links": [{"href": "https://hostname:3780/api/3/...","rel": "self"}]}` | Required |
| Excluded Targets | Jinja-templated JSON containing the addresses to be excluded from the site's scan. For example: `{"addresses": ["string"],"links": [{"href": "https://hostname:3780/api/3/...","rel": "self"}]}` | Optional |

Output

A JSON object containing the result row:

...

Delete Site

Deletes a specific site. This uses the Nexpose v3 API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description                                                | Required |
| :--------- | :--------------------------------------------------------- | :------- |
| Site Id    | Jinja-templated text containing the site Id to be deleted. | Required |

Output

A JSON object containing the result row:

```json
{
    "has_error": false,
    "links": [{
        "href": "https://localhost:3780/api/3/sites/38",
        "rel": "self"
    }],
    "error": null
}
```

Create Site Scan

Creates a new scan schedule for the specified site. This uses the Nexpose v3 API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description | Required |
| :--------- | :---------- | :------- |
| Site Id | Jinja-templated text containing the id of the site for which the scan schedule is to be created. | Required |
| Duration | Jinja-templated text containing the maximum duration the scheduled scan is allowed to run. For example, 'P5DT10H30M' represents a duration of '5 days, 10 hours, and 30 minutes'. | Required |
| Enabled | The boolean value indicating whether the scan schedule is enabled. Default is 'False'. | Optional |
| onScanRepeat | Jinja-templated text containing the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching its maximum duration. Supported values are 'restart-scan' and 'resume-scan'. | Required |
| Repeat Day of Week | Jinja-templated text containing the day of the week the scheduled task should repeat. This property only applies to schedules with a 'Repeat Every' value of 'day-of-month'. | Optional |
| Repeat Every | Jinja-templated text containing the frequency at which the schedule repeats. Each value represents a different unit of time and is used in conjunction with the property 'Repeat Interval'. Supported values are 'hour', 'day', 'week', 'date-of-month', 'day-of-month'. | Required |
| Repeat Interval | Jinja-templated number containing the interval at which the schedule should repeat. This depends on the value set in 'Repeat Every'. For example, if 'Repeat Every' is set to 'day' and the interval is set to 2, then the schedule will repeat every 2 days. | Required |
| Repeat Last Day of Month | The boolean value to enable repeating on the last day of the month. Default is False. | Optional |
| Repeat Week of Month | Jinja-templated text containing the week of the month the scheduled task should repeat. This property only applies to schedules with a 'Repeat Every' value of 'day-of-month'. Each week of the month is counted in 7-day increments. For example, week 1 consists of days 1-7 of the month while week 2 consists of days 8-14 of the month and so forth. | Optional |
| Scan Engine Id | Jinja-templated text containing the identifier of the scan engine to be used for this scan schedule. If not set, the site's assigned scan engine will be used. | Optional |
| Scan Template Id | Jinja-templated text containing the identifier of the scan template to be used for this scan schedule. If not set, the site's assigned scan template will be used. | Optional |
| Start | Jinja-templated text containing the scheduled start date and time. The date is represented in ISO 8601 format (Example: '2022-03-28T04:31:56Z'). Repeating schedules will determine the next schedule to begin based on this date and time. | Required |
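
A pre-flight check for the Create Site Scan inputs above, as an added example that is not part of the Devo SOAR or Nexpose documentation: it validates already-rendered values against the formats and supported values this page lists. The function names, the restriction of durations to day/hour/minute/second parts, and the UTC-only Start format are assumptions; the sample input is constructed.

```python
import re
from datetime import datetime

# Supported values as listed in the field descriptions on this page.
REPEAT_EVERY = {"hour", "day", "week", "date-of-month", "day-of-month"}
ON_SCAN_REPEAT = {"restart-scan", "resume-scan"}
REQUIRED = ("Site Id", "Duration", "onScanRepeat", "Repeat Every",
            "Repeat Interval", "Start")
DAY_OF_MONTH_ONLY = ("Repeat Day of Week", "Repeat Week of Month")
# Assumption: durations use only day/hour/minute/second parts, e.g. P5DT10H30M.
DURATION_RE = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def duration_minutes(text):
    """Return an ISO 8601 duration in whole minutes, or None if malformed."""
    match = DURATION_RE.match(text)
    if not match or not any(match.groups()):
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in match.groups())
    return days * 1440 + hours * 60 + minutes + seconds // 60


def validate_schedule(inputs):
    """Return a list of problems in rendered Create Site Scan inputs."""
    problems = [f"missing required input: {name}"
                for name in REQUIRED if not inputs.get(name)]
    if inputs.get("Duration") and duration_minutes(inputs["Duration"]) is None:
        problems.append("Duration is not an ISO 8601 duration")
    if inputs.get("onScanRepeat") and inputs["onScanRepeat"] not in ON_SCAN_REPEAT:
        problems.append("onScanRepeat must be restart-scan or resume-scan")
    every = inputs.get("Repeat Every")
    if every and every not in REPEAT_EVERY:
        problems.append(f"unsupported Repeat Every value: {every}")
    interval = str(inputs.get("Repeat Interval") or "")
    if interval and not (interval.isdigit() and int(interval) > 0):
        problems.append("Repeat Interval must be a positive whole number")
    if inputs.get("Start"):
        try:  # Assumption: UTC timestamps in the form shown on the page.
            datetime.strptime(inputs["Start"], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            problems.append("Start is not an ISO 8601 UTC timestamp")
    for name in DAY_OF_MONTH_ONLY:
        if inputs.get(name) and every != "day-of-month":
            problems.append(f"{name} only applies when Repeat Every is day-of-month")
    return problems

# Constructed sample input keyed by the input names in the table above.
SAMPLE = {"Site Id": "38", "Duration": "P5DT10H30M", "onScanRepeat": "resume-scan",
          "Repeat Every": "day", "Repeat Interval": "2", "Start": "2022-03-28T04:31:56Z"}
```

An empty list from `validate_schedule` means the inputs match what the page documents; it does not confirm that the site, scan engine or scan template identifiers exist in Nexpose.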

Output

A JSON object containing the result row:

...

Delete Site Scan

Deletes all scan schedules from the site. This uses the Nexpose v3 API.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

| Input Name | Description                                                 | Required |
| :--------- | :---------------------------------------------------------- | :------- |
| Site Id    | Jinja-templated text containing the identifier of the Site. | Required |

Output

A JSON object containing the result row:

```json
{
    "has_error": false,
    "links": [{
        "href": "https://localhost:3780/api/3/sites/38/scan_schedules",
        "rel": "self"
    }],
    "error": null
}
```

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem

  • v1.1.3 - Made the Repeat Day of Week and Repeat Week of Month fields optional.

  • v1.1.2 - Added 4 new actions Create Site, Delete Site, Create Site Scan and Delete Site Scan.

...