As of Nexpose 5.13, Nexpose makes it easier for you to gain an asset-centric view of your environment, which will help you with tracking and reporting. An asset is a single device on a network that the application discovers during a scan. As you may have noticed, Nexpose 5.13 included new functionality: you can now scan asset groups. An asset group is a logical collection of managed assets.
Nexpose enables you to configure your environment in two ways:
- Assets can be restricted to their scan group (labeled in the product as a site). This means that the same asset, in different containers, is considered unique.
- Assets can be global across your entire network. Therefore, all assets in all sites are linked.
The following image highlights the two options.
Asset linking is an option that a Global Administrator can set for your entire Nexpose installation. The configuration page describes some scenarios and important considerations for enabling this option. Review the considerations before enabling.
In most cases, we highly recommend that you enable the option so you can track your progress in the situation described above: performing different scans of the same distinct individual devices.
Note: Enabling this feature is required if you are going to scan dynamic asset groups in order to ensure that the asset will be updated in multiple sites from a reporting perspective.
With certain network configurations, it may be more beneficial not to enable the option. The case for not enabling it is when you have devices with very similar configurations that do not overlap sites. An example is a chain of retail stores where every store uses the same network configuration and IP subnets.
For more information, see the Resources section of the Nexpose Help or User's Guide.
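A pre-check you could run on an exported asset inventory before changing the linking option, as an added example that is not Nexpose code or part of the original post: it separates IP addresses seen in several sites because one device is scanned more than once (where linking helps) from addresses reused by different devices, as in the retail-store case (where linking risks merging them). The CSV columns, site names and the use of the MAC address as the distinguishing characteristic are assumptions; the post does not say which characteristics Nexpose compares.

```python
import csv
import io
from collections import defaultdict

# Constructed sample inventory (not real scan output): one row per asset per site.
SAMPLE_CSV = """site,ip,mac,hostname
Store-001,10.0.1.10,00:11:22:AA:00:01,pos-1
Store-002,10.0.1.10,00:11:22:BB:00:01,pos-1
Store-001,10.0.1.20,00:11:22:AA:00:02,backoffice
Houston,172.16.5.4,00:11:22:CC:00:09,hr-db
HR-Servers,172.16.5.4,00:11:22:cc:00:09,hr-db
Berlin,192.168.7.7,00:11:22:DD:00:03,print-1
"""

def load_assets(text):
    """Parse the inventory CSV into dicts, normalizing MAC case and whitespace."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["mac"] = row["mac"].strip().lower()
        rows.append(row)
    return rows

def classify_shared_ips(assets):
    """For each IP seen in more than one site, decide whether the sightings are
    one device (single MAC) or different devices reusing the address."""
    by_ip = defaultdict(list)
    for asset in assets:
        by_ip[asset["ip"]].append(asset)
    same_device, collisions = {}, {}
    for ip, seen in by_ip.items():
        sites = sorted({a["site"] for a in seen})
        if len(sites) < 2:
            continue  # address appears in one site only; linking is not a factor
        macs = {a["mac"] for a in seen}
        target = same_device if len(macs) == 1 else collisions
        target[ip] = sites
    return same_device, collisions

if __name__ == "__main__":
    same_device, collisions = classify_shared_ips(load_assets(SAMPLE_CSV))
    for ip, sites in same_device.items():
        print(f"{ip}: same device in {sites}; linking gives one scan history")
    for ip, sites in collisions.items():
        print(f"{ip}: different devices in {sites}; review before enabling linking")
```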
The following is an example of how an organization can use this feature, once it is enabled, to improve its asset tracking.
One typical way to categorize assets is by physical location. You might have an office in Houston, an office in Missoula, and an office in Berlin. You can create a site in Nexpose for each and scan those sites. This is an effective way to arrange your scans, because you can place a Scan Engine in each location to reduce traffic on your network.
There are many other ways to categorize assets. For instance, these could include IP address range, operating system, business context (which might be represented by user-added tags), and more. In Nexpose, you can use asset groups to contain these categorized assets.
As of Nexpose 5.13, you can scan asset groups. You can do this by configuring a site in Nexpose to scan the asset group or groups. This allows you to scan assets according to business context or other categories.
An option to scan each asset with the engine most recently used for that asset allows you to scan such logical groupings while using the Scan Engine that makes the most logistical sense for the asset.
Even if you are categorizing and scanning the same assets in different ways, you may want to view and report on the entire scan history of an asset, no matter how it was scanned. Also as of Nexpose 5.13, if you have enabled asset linking, you can review the comprehensive history, no matter how the asset was scanned. As the scan occurs, Nexpose will compare the asset to assets in other scans. If enough characteristics match, the assets will be identified as the same asset.
At Rapid7, we are always looking to improve Nexpose based on customer requests. We hope you enjoy using this new feature.