
Rapid7 Blog

daines  

AUTHOR STATS:

12

Site Consolidation with the Nexpose Gem

The introduction of the scan export/import feature opens up the ability to merge sites, at least through the Ruby gem. Imagine a scenario where you had split up your assets into several sites, but now you realize it would be easier to manage them…

Scan Export/Import Using the nexpose-client Gem

The latest release (5.10.13) introduces a new feature into Nexpose, scan exporting and importing. We're looking to address a need in air-gap environments, where customers can have multiple consoles to address network partitioning. This approach is not without its warts. For example, if…

Nexpose Gem Version 0.8.0 Released

With the release of Nexpose 5.9.16, we are also releasing a new version of the gem: 0.8.0. We bumped the version from 0.7 to mark several changes. First, there are two methods that would not work against the new release without…

Using the Gem for Shared Credentials

Here's a walk-through of how to use Shared Credentials, as of version 0.5.1 of the gem. In order to keep verbosity to a minimum, all of the examples assume that the Nexpose module has been included: include Nexpose As with all uses of…

[ANN] nexpose gem 0.5 Released

The nexpose gem, a Ruby library for accessing the Nexpose API (and more), has been updated to version 0.5. This version includes a number of small breaking changes from the previous version of the gem (0.2.8), hence the jump in version. Nearly…

Creating Asset Groups from IPs

I put together a script recently to solve a customer problem, but it struck me that it is a problem many organizations might have. What happens when you are in charge of the Nexpose console, but someone else is in charge of actually applying remediation?…

Calculating Your Average Scan Time

If you are looking to balance out your scan schedule or add new scans to the mix, it can be helpful to get some direct insight into how much time a new scan is going to take. One way to estimate that is based upon…

Bridging Asset Groups and Sites Using the Nexpose Gem

Asset Groups are a convenient feature for organizing assets based upon different criteria, including criteria that you could not have known when you configured and first ran your site scans. But many times you would actually like to run scans based off your asset groups.…

Using Scripts to Analyze Your Security Console

There is a variety of information available about your Sites and Scans that can be used to make decisions. I began thinking about how to analyze the load across Scan Engines or Sites, but quickly realized there are too many ways to break down the…

Making the Nexpose Gem Easier to Use

In an effort to make API access to Nexpose easier, some efforts are underway to make the Nexpose Gem easier to use. For those unfamiliar with the gem, it is a Ruby library that allows for easier scripting against a Nexpose security console. Changes to…

Managing Your Nexpose Scan Engines through the API

Here's a walk-through of a Ruby script that uses the nexpose gem to add and configure your Nexpose Scan Engines. This script configures the Dynamic Scan Pool feature. A Scan Engine pool is a group of shared Scan Engines that can be bound to a…

How to Set up an Oracle Policy Scan

The following steps should get you up and running with a policy scan against an Oracle database server. Configure the oracle.xml File You need to edit the policy configuration file provided in a default Nexpose installation. The file is located here: [installation_directory]/plugins/…