Rapid7 InsightVM

Vulnerability management solution to help reduce threat exposure.

Overview

Rapid7 Nexpose provides vulnerability management, assessment, and
response to changes in the environment while prioritizing risk across
vulnerabilities, configurations, and controls.\
Use the Nexpose integration to access sites, assets, vulnerabilities and
their solutions, scans and reports. The integration was developed with
the Nexpose API v3.

Rapid7 Nexpose Playbooks

For scans there are two sub-playbooks available, depending on the command.

To start a site scan, use the Nexpose Scan Site sub-playbook.

To start an assets scan, use the Nexpose Scan Assets sub-playbook.

When using the sort parameter, the fields to sort must be provided as
they are in the API, e.g riskScore. All the available fields for any
type of response can be found in the API Documentation.

Nexpose Scan Assets

Nexpose Scan Site

Vulnerability Handling - Nexpose

Vulnerability Management - Nexpose

Nexpose - Create and download a report - GenericPolling

Overview

Rapid7 Nexpose Playbooks

For scans there are two sub-playbooks available, depending on the command.

To start a site scan, use the Nexpose Scan Site sub-playbook.

To start an assets scan, use the Nexpose Scan Assets sub-playbook.

When using the sort parameter, the fields to sort must be provided as
they are in the API, e.g riskScore. All the available fields for any
type of response can be found in the API Documentation.

Nexpose Scan Assets

Nexpose Scan Site

Vulnerability Handling - Nexpose

Vulnerability Management - Nexpose

Nexpose - Create and download a report - GenericPolling

Automations

Name	Description
NexposeCreateIncidentsFromAssets	Deprecated. No available replacement. Create incidents based on the Nexpose asset ID and vulnerability ID. Duplicate incidents are not created for the same asset ID and vulnerability ID.
NexposeVulnExtractor	Parse a specific server nexpose response in to a table of vulnerabilities.
NexposeEmailParser	Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.
NexposeEmailParserForVuln	Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.

Integrations

Name	Description
Rapid7 InsightVM	Vulnerability management solution to help reduce threat exposure.

Playbooks

Name	Description
Vulnerability Management - Nexpose (Job)	Deprecated. No available replacement. Manage assets vulnerabilities using Nexpose. This playbook runs as a job, and by default creates incidents of type "Vulnerability" based on assets and vulnerabilities. The incidents are created by querying Nexpose for the input assets vulnerability list. You can define the minimum severity (minSeverity) that incidents are created for. Duplicate incidents are not created for the same asset ID and the Nexpose ID. This playbook is a part of a series of playbooks for Nexpose vulnerability management and remediation. For this series of playbooks to run successfully, create a Job and do the following: Assign this playbook to the Job Enter the relevant assets' hostnames in the playbook inputs (comma separated list). Associate the "Vulnerability" type incident to the "Vulnerability Handling - Nexpose" playbook.
Nexpose - Create and Download Report	Use this playbook as a sub-playbook to configure a report and download it. This playbook implements polling by continuously running the `nexpose-get-report-status` command until the operation completes. The remote action should have the following structure: Initiate the operation - insert the type of the report (sites, scan, or assets) and it's additional arguments if required. Poll to check if the operation completed. Get the results of the operation.
Scan Assets - Nexpose	Deprecated. Use the "Scan Site - Nexpose" playbook instead.
Vulnerability Handling - Nexpose	Manage vulnerability remediation using Nexpose data, and optionally enrich data with 3rd-party tools. Before you run this playbook, run the "Vulnerability Management - Nexpose (Job)" playbook.
Rapid7 - Nexpose - Enrichment	Given an IP address, this playbook searches Rapid7 Nexpose assets for an asset with the associated IP address to retrieve asset information and proceeds to return all associated tags with it.
Scan Site - Nexpose	Starts a Nexpose scan by site id and waits for the scan to finish by polling its status in pre-defined intervals.

Automations

Name	Description
NexposeCreateIncidentsFromAssets	Deprecated. No available replacement. Create incidents based on the Nexpose asset ID and vulnerability ID. Duplicate incidents are not created for the same asset ID and vulnerability ID.
NexposeEmailParser	Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.
NexposeEmailParserForVuln	Parses nexpose report into a clear table that contain risk score and vulnerability count for each server, And creates a new incident for each server.
NexposeVulnExtractor	Parse a specific server nexpose response in to a table of vulnerabilities.

Integrations

Name	Description
Rapid7 InsightVM	Vulnerability management solution to help reduce threat exposure.

Playbooks

Name	Description
Nexpose - Create and Download Report	Use this playbook as a sub-playbook to configure a report and download it. This playbook implements polling by continuously running the `nexpose-get-report-status` command until the operation completes. The remote action should have the following structure: Initiate the operation - insert the type of the report (sites, scan, or assets) and it's additional arguments if required. Poll to check if the operation completed. Get the results of the operation.
Scan Site - Nexpose	Starts a Nexpose scan by site id and waits for the scan to finish by polling its status in pre-defined intervals.
Scan Assets - Nexpose	Deprecated. Use the "Scan Site - Nexpose" playbook instead.
Rapid7 - Nexpose - Enrichment	Given an IP address, this playbook searches Rapid7 Nexpose assets for an asset with the associated IP address to retrieve asset information and proceeds to return all associated tags with it.

Required Content Packs (2)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR

Optional Content Packs (1)

Pack Name	Pack By
Common Types	By: Cortex XSOAR

All level dependencies (5)

Pack Name	Pack By
Base	By: Cortex XSOAR
Common Playbooks	By: Cortex XSOAR
Rasterize	By: Cortex XSOAR
Cortex REST API	By: Cortex XSOAR
Filters And Transformers	By: Cortex XSOAR

1.2.21 - 778227 (January 22, 2024)

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 32331

Download

1.2.20 - 762016 (January 14, 2024)

Integrations

Rapid7 InsightVM

Updated the Docker image to: demisto/python3:3.10.13.84405.

Related pull requests:
- 32183

Download

1.2.19 - 745385 (January 7, 2024)

Integrations

Rapid7 InsightVM

Added the Number of connection error retries advanced integration parameter to recover from temporary connection errors during command executions.
Changed the default value of the page_size argument to 100 in the nexpose-search-assets command to avoid doing large paginations that could lead to timeouts.

Related pull requests:
- 31673

Download

1.2.18 - 733853 (January 2, 2024)

Integrations

Rapid7 InsightVM

Updated the Docker image to: demisto/python3:3.10.13.83255.

Related pull requests:
- 31878

Download

1.2.17 - 6285754 (September 10, 2023)

Rapid7_Nexpose

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 29466

Download

1.2.16 - 6224334 (September 3, 2023)

Playbooks

Vulnerability Handling - Nexpose

The sub-playbooks "CVE Enrichment - Generic" and "Calculate Severity - Generic" are no longer in use and have been replaced by the sub-playbooks "CVE Enrichment - Generic v2" and "Calculate Severity - 3rd-party integrations".

Related pull requests:
- 28950

Download

1.2.15 - 6180521 (August 29, 2023)

Integrations

Rapid7 InsightVM

Updated the Docker image to: demisto/python3:3.10.13.72123.

Related pull requests:
- 29291

Download

1.2.14 - 5969979 (August 6, 2023)

Rapid7_Nexpose

Locked dependencies of the pack to ensure stability for versioned core packs. No changes in this release.

Related pull requests:
- 28753

Download

1.2.13 - 5883145 (July 27, 2023)

Integrations

Rapid7 InsightVM

Updated the Docker image to: demisto/python3:3.10.12.66339.

Related pull requests:
- 28544

Download

1.2.12 - R5866730 (July 25, 2023)

Integrations

Rapid7 InsightVM

Updated the Docker image to: demisto/python3:3.10.12.63474.

Playbooks

Scan Assets - Nexpose

Deprecated. Use the Scan Site - Nexpose playbook instead.

Related pull requests:
- 25504

Download

1.2.6 - 4797511 (March 12, 2023)

Integrations

Rapid7 InsightVM

Fixed an issue where running nexpose-get-scan on active scans, or starting a scan using nexpose-start-site-scan or nexpose-start-assets-scan, would cause an error saying "duration".

Related pull requests:
- 25005

Download

1.2.5 - 4771215 (March 8, 2023)

Documentation and metadata improvements.

Related pull requests:
- 23716

Download

1.2.4 - 4722159 (March 1, 2023)

Integrations

Rapid7 InsightVM

Fixed an issue where using the id argument on the nexpose-delete-site command would raise an error.
Fixed an issue where using the site argument on the nexpose-start-site-scan command would raise an error.
Fixed an issue where in some cases, the nexpose-start-site-scan command would raise an error saying "ip".
Updated the Docker image to: demisto/python3:3.10.10.48392.

Related pull requests:
- 24886

Download

1.2.3 - R4718798 (March 1, 2023)

Playbooks

Rapid7 - Nexpose - Enrichment

Updated the input of the nexpose-get-asset-tags task.

Related pull requests:
- 24535
- 24564

Download

1.2.2 - R4618697 (February 15, 2023)

Integrations

Rapid7 InsightVM

Added the nexpose-get-asset-tags command.

Playbooks

New: Rapid7 - Nexpose - Enrichment

Added a new playbook that searches Rapid7 Nexpose assets for an asset with the associated IP address to retrieve asset information and proceeds to return all associated tags with it. (Available from Cortex XSOAR 6.5.0).

Related pull requests:
- 24407
- 24147

Download

1.2.1 - R4494864 (January 29, 2023)

Integrations

Rapid7 InsightVM

Rebranded integration from "Nexpose" to "InsightVM"
Updated pack description and logo.

Related pull requests:
- 22945

Download

1.2.0 - 4183367 (December 8, 2022)

Integrations

Rapid7 Nexpose

Updated the Docker image to: demisto/python3:3.10.9.40422.
Added 23 new commands:
- nexpose-create-asset
- nexpose-create-scan-schedule
- nexpose-create-shared-credential
- nexpose-create-site-scan-credential
- nexpose-create-vulnerability-exception
- nexpose-delete-asset
- nexpose-delete-scan-schedule
- nexpose-delete-shared-credential
- nexpose-delete-site-scan-credential
- nexpose-delete-vulnerability-exception
- nexpose-disable-shared-credential
- nexpose-enable-shared-credential
- nexpose-list-assigned-shared-credential
- nexpose-list-scan-schedule
- nexpose-list-shared-credential
- nexpose-list-site-scan-credential
- nexpose-list-vulnerability
- nexpose-list-vulnerability-exceptions
- nexpose-update-scan-schedule
- nexpose-update-shared-credential
- nexpose-update-site-scan-credential
- nexpose-update-vulnerability-exception-expiration
- nexpose-update-vulnerability-exception-status
Added an option to refer to sites by their names on relevant commands (previously only by IDs).
Added the following parameters for paginated commands.
- page
- page_size
Fixed the wrong duration time conversion in the following commands:
- nexpose-get-scan
- nexpose-get-scans
Fixed an issue with the nexpose-get-asset-vulnerability command failing with the same message if asset ID is invalid, vulnerability ID is invalid, or if the asset isn't vulnerable for the specified vulnerability.
Changed the nexpose-get-scan command behavior to not stop and fail if one of the provided scan IDs is invalid, but instead continue to loop over all IDs and show an error message just for the invalid IDs.
Fixed an issue with the following commands failing if a returned asset hasn't been previously scanned:
- nexpose-get-asset
- nexpose-get-assets
- nexpose-search-assets

Download

1.1.6 - R4116031 (November 29, 2022)

Integrations

Rapid7 Nexpose

Updated the Docker image to: demisto/python:2.7.18.27799.

Related pull requests:
- 18787

Download

Certification	Certified	Read more
Supported By	Cortex
Created	July 24, 2020
Last Release	January 22, 2024

Rapid7 InsightVM

Overview

Rapid7 Nexpose Playbooks

Nexpose Scan Assets

Nexpose Scan Site

Vulnerability Handling - Nexpose

Vulnerability Management - Nexpose

Nexpose - Create and download a report - GenericPolling

Overview

Rapid7 Nexpose Playbooks

Nexpose Scan Assets

Nexpose Scan Site

Vulnerability Handling - Nexpose

Vulnerability Management - Nexpose

Nexpose - Create and download a report - GenericPolling