By default, Nexpose contacts the Rapid7 update servers on startup and every six hours afterward to check for new product and vulnerability content updates. If any updates are available, Nexpose attempts to download and apply them to the Security Console and local Scan Engine. The Security Console also sends updates to any distributed Scan Engines to which it is connected.
How do I disable automatic product updates?
The Security Console offers a feature to disable the retrieval of automatic product updates. Simply click the Administration tab of the Security Console Web interface. On the Administration page, click the manage link for the Security Console.
Next, click the Updates link in the left area of the Security Console configuration panel. On the Updates page you will see a check box to disable automatic updates. Select this check box and click Save.
If you have disabled automatic product updates, you will want to set aside a maintenance schedule to perform manual updates to ensure that your installation does not become too out of date.
What happens if Nexpose becomes out of date?
We provide updated content that aligns with identifying new threats and additional attack vectors for existing vulnerability checks. Sometimes this additional content requires updates to core components of the Nexpose product itself. This can include new features or even enhancements to existing ones. If the Nexpose product becomes too out of date, your scanning endeavors may not be as efficient or effective as they should be. For optimal performance and coverage, Rapid7 Engineering and Support strongly recommend that you create maintenance windows for running product updates as well as for performing database backups and other important tasks.
NOTE: Content updates cannot be disabled. Only product updates can be disabled.
Once Nexpose applies an update, whether product or content, it restarts. It is important to note that during an update you should never manually shut down the server that hosts Nexpose or kill any Nexpose system processes that may be running unless instructed to do so by a Rapid7 Support Engineer.
So what is the difference between product and vulnerability content updates anyways?
Well, I am glad that you asked; it is really quite simple. A product update is just that: any update that upgrades the database, JRE, or any other core component of Nexpose. A vulnerability content update carries changes and new vulnerability or policy checks, fingerprinting, and content-supportive additions to the product.
Once you apply updates, it is a great time to take a moment and verify that your Security Console is running the same update version as any distributed Nexpose Engines you may have.
We will need to start at the Administration tab once again. Once you are there, go ahead and click on the manage link for Scan Engines. You will see a list of Scan Engines that are currently paired with your Nexpose Console.
Simply ensure that the update information for the local Scan Engine is the same as that of your distributed Scan Engines. If the distributed engines' update information does differ, simply click the Refresh icon. This should now show the last applied update ID and time stamp.
For any additional information, please refer to the Nexpose Administrators Guide. If you are not familiar with where the admin guide resides, let me go ahead and help you out. From your Nexpose Security Console (https://nexpose-console-url:3780), click on the Help link in the top right corner of the screen.
Next, click on Support and you will be brought to a section where you can view the most recent documentation, available instantly with the click of your mouse button!