As a corporate network grows and new locations are opened up, it becomes increasingly difficult for companies to keep track of and understand their total asset count and the associated risk exposure. Nexpose lets you easily discover all of your assets before a scan, but if that information is already in a great asset management tool like McAfee ePO, why waste time and duplicate efforts? Now you don't have to, with the ability to automatically import ePO assets into Nexpose before a scan.

Solution

The goal of the ePO asset discovery use case is to allow users to import ePO assets, including assets from the McAfee Vulnerability Manager (MVM), into Nexpose. McAfee is discontinuing support for MVM, which means that their customers need to find another vulnerability management solution. Rapid7's ePO integration allows users to import MVM systems or any other systems managed through ePO into Nexpose. Once their assets are imported, they have visibility into all their assets via Nexpose, and can manage them from there.

How it works

Nexpose allows customers to create a connection to an ePO server. Once they have done so, all systems currently being managed by ePO will be imported into Nexpose. Nexpose will check periodically for any new or updated systems within ePO. Nexpose is capable of correlating existing assets with imported assets from ePO, consolidating risk and avoiding duplication.

Once ePO assets are imported into Nexpose, they can be managed like any other asset, including scheduling scans and generating reports. In other words, if you are already keeping ePO up to date with your latest assets, you can now automatically import these into Nexpose.

Setup

Nexpose imports ePO assets into a static site. We recommend setting up a dedicated ePO site for this purpose. Simply create a site and put one placeholder hostname in the included assets list, as Nexpose does not allow empty sites to be saved. Refer to https://help.rapid7.com/nexpose/ for more information.

Next, set up an ePO connection to your server by going to Administration > Discovery Options > Create Connection. Select “Intel Security ePolicy Orchestrator” for the connection type. The Rapid7 ePO client extension creates a NexposeServiceUser account on the ePO client, which only has the Nexpose Remote Command privilege. We recommend using this account or creating a similar one for asset import. Select the “consume assets” consumption setting, and choose the site created above.

It is also recommended to sign the certificate on the ePO client so that it does not have to trust self-signed certificates. Click the “Test Credential” button to ensure that the connection is configured correctly. Then choose “Save” to save the connection and start importing assets. Nexpose will immediately start importing assets from ePO.

Initially, the assets will only have an IP address, hostname, and MAC address, and no last scanned date. To learn more about these assets and their vulnerabilities, either scan them immediately or schedule a scan for later.