Rapid7 InsightVM

This integration is part of the Rapid7 InsightVM Pack.

Vulnerability management solution to help reduce threat exposure. This integration was integrated and tested with version 6.6.103 of Rapid7 Nexpose.

Configure Rapid7 InsightVM on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Rapid7 InsightVM.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Required |
    | --- | --- |
    | Server URL (e.g., https://192.0.2.0:8080) | True |
    | Username | True |
    | Password | True |
    | 2FA Token | False |
    | Trust any certificate (not secure) | False |
    | Use system proxy settings | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

nexpose-get-asset

Returns the specified asset.

Base Command

nexpose-get-asset

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | Asset ID. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Asset.Addresses | unknown | All addresses discovered on the asset. |
| Nexpose.Asset.AssetId | number | Id of the asset. |
| Nexpose.Asset.Hardware | string | The primary Media Access Control (MAC) address of the asset. The format is six groups of two hexadecimal digits separated by colons. |
| Nexpose.Asset.Aliases | unknown | All host names or aliases discovered on the asset. |
| Nexpose.Asset.HostType | string | The type of asset. Valid values are unknown, guest, hypervisor, physical, mobile. |
| Nexpose.Asset.Site | string | Asset site name. |
| Nexpose.Asset.OperatingSystem | string | Operating system of the asset. |
| Nexpose.Asset.Vulnerabilities | number | The total number of vulnerabilities on the asset. |
| Nexpose.Asset.CPE | string | The Common Platform Enumeration (CPE) of the operating system. |
| Nexpose.Asset.LastScanDate | date | Last scan date of the asset. |
| Nexpose.Asset.LastScanId | number | ID of the asset's last scan. |
| Nexpose.Asset.RiskScore | number | The risk score (with criticality adjustments) of the asset. |
| Nexpose.Asset.Software.Software | string | The description of the software. |
| Nexpose.Asset.Software.Version | string | The version of the software. |
| Nexpose.Asset.Services.Name | string | The name of the service. |
| Nexpose.Asset.Services.Port | number | The port of the service. |
| Nexpose.Asset.Services.Product | string | The product running the service. |
| Nexpose.Asset.Services.protocol | string | The protocol of the service. Valid values are ip, icmp, igmp, ggp, tcp, pup, udp, idp, esp, nd, raw. |
| Nexpose.Asset.Users.FullName | string | The full name of the user account. |
| Nexpose.Asset.Users.Name | string | The name of the user account. |
| Nexpose.Asset.Users.UserId | number | The identifier of the user account. |
| Nexpose.Asset.Vulnerability.Id | number | The identifier of the vulnerability. |
| Nexpose.Asset.Vulnerability.Instances | number | The number of vulnerable occurrences of the vulnerability. This does not include invulnerable instances. |
| Nexpose.Asset.Vulnerability.Title | string | The title (summary) of the vulnerability. |
| Nexpose.Asset.Vulnerability.Malware | number | The malware kits that are known to be used to exploit the vulnerability. |
| Nexpose.Asset.Vulnerability.Exploit | number | The exploits that can be used to exploit a vulnerability. |
| Nexpose.Asset.Vulnerability.CVSS | string | The CVSS exploit score. |
| Nexpose.Asset.Vulnerability.Risk | number | The risk score of the vulnerability, rounded to a maximum of two digits of precision. If using the default Rapid7 Real Risk™ model, this value ranges from 0-1000. |
| Nexpose.Asset.Vulnerability.PublishedOn | date | The date the vulnerability was first published or announced. The format is an ISO 8601 date, YYYY-MM-DD. |
| Nexpose.Asset.Vulnerability.ModifiedOn | date | The last date the vulnerability was modified. The format is an ISO 8601 date, YYYY-MM-DD. |
| Nexpose.Asset.Vulnerability.Severity | string | The severity of the vulnerability, one of: "Moderate", "Severe", "Critical". |
| Endpoint.IP | string | Endpoint IP address. |
| Endpoint.HostName | string | Endpoint host name. |
| Endpoint.OS | string | Endpoint operating system. |
| CVE.ID | string | Common Vulnerabilities and Exposures IDs. |

nexpose-get-assets

Returns all assets for which you have access.

Base Command

nexpose-get-assets

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| page_size | Number of records to retrieve in each API call when pagination is used. | Optional |
| page | A specific page to retrieve when pagination is used. Page indexing starts at 0. | Optional |
| sort | Criteria to sort the records by, in the format: property[,ASC\|DESC]. If not specified, default sort order is ascending. Multiple sort criteria can be specified, separated by a ";". For example: "riskScore,DESC;hostName,ASC". | Optional |
| limit | A number of records to limit the response to. Default is 10. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Asset.AssetId | number | The identifier of the asset. |
| Nexpose.Asset.Address | string | The primary IPv4 or IPv6 address of the asset. |
| Nexpose.Asset.Name | string | The primary host name (local or FQDN) of the asset. |
| Nexpose.Asset.Site | string | Asset site name. |
| Nexpose.Asset.Exploits | number | The number of distinct exploits that can exploit any of the vulnerabilities on the asset. |
| Nexpose.Asset.Malware | number | The number of distinct malware kits that vulnerabilities on the asset are susceptible to. |
| Nexpose.Asset.OperatingSystem | string | Operating system of the asset. |
| Nexpose.Asset.Vulnerabilities | number | The total number of vulnerabilities. |
| Nexpose.Asset.RiskScore | number | The risk score (with criticality adjustments) of the asset. |
| Nexpose.Asset.Assessed | boolean | Whether the asset has been assessed for vulnerabilities at least once. |
| Nexpose.Asset.LastScanDate | date | Last scan date of the asset. |
| Nexpose.Asset.LastScanId | number | Id of the asset's last scan. |
| Endpoint.IP | string | Endpoint IP address. |
| Endpoint.HostName | string | Endpoint host name. |
| Endpoint.OS | string | Endpoint operating system. |

Command example

!nexpose-get-assets limit=3

Context Example

{
"Endpoint": [
{
"Hostname": "pool-96-252-18-158.bstnma.fios.verizon.net",
"ID": 9,
"IPAddress": "192.0.2.1",
"Vendor": "Rapid7 Nexpose"
},
{
"Hostname": "angular.testsparker.com",
"ID": 11,
"IPAddress": "192.0.2.2",
"OS": "Ubuntu Linux",
"Vendor": "Rapid7 Nexpose"
},
{
"ID": 12,
"IPAddress": "192.0.2.3",
"OS": "Microsoft Windows",
"Vendor": "Rapid7 Nexpose"
}
],
"Nexpose": {
"Asset": [
{
"Address": "192.0.2.1",
"Assessed": true,
"AssetId": 9,
"Exploits": 0,
"LastScanDate": "2020-10-01T22:37:33.710Z",
"LastScanId": 650,
"Malware": 0,
"Name": "pool-96-252-18-158.bstnma.fios.verizon.net",
"OperatingSystem": null,
"RiskScore": 0,
"Site": "PANW",
"Vulnerabilities": 0
},
{
"Address": "192.0.2.2",
"Assessed": true,
"AssetId": 11,
"Exploits": 2,
"LastScanDate": "2022-11-02T14:54:19.055Z",
"LastScanId": "-",
"Malware": 0,
"Name": "angular.testsparker.com",
"OperatingSystem": "Ubuntu Linux",
"RiskScore": 7718.4091796875,
"Site": "PANW",
"Vulnerabilities": 26
},
{
"Address": "192.0.2.3",
"Assessed": true,
"AssetId": 12,
"Exploits": 4,
"LastScanDate": "2049-03-01T04:31:56Z",
"LastScanId": "-",
"Malware": 0,
"Name": null,
"OperatingSystem": "Microsoft Windows",
"RiskScore": 18819.919921875,
"Site": "PANW",
"Vulnerabilities": 45
}
]
}
}

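Human Readable Output

Nexpose Asset 12

| AssetId | Address | Site | Exploits | Malware | OperatingSystem | Vulnerabilities | RiskScore | Assessed | LastScanDate | LastScanId |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 12 | 192.0.2.3 | PANW | 4 | 0 | Microsoft Windows | 45 | 18819.919921875 | true | 2049-03-01T04:31:56Z | - |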

nexpose-search-assets

Search and return all assets matching specific filters. Returns only assets the user has access to.

Base Command

nexpose-search-assets

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| query | Queries to use as a filter, according to the Search Criteria API standard. Multiple queries can be specified, separated by a ";" separator. For example: "ip-address in-range 192.0.2.0,192.0.2.1;host-name is myhost". For more information regarding Search Criteria, refer to https://help.rapid7.com/insightvm/en-us/api/index.html#section/Overview/Responses. | Optional |
| page_size | Number of records to retrieve in each API call when pagination is used. | Optional |
| page | A specific page to retrieve when pagination is used. Page indexing starts at 0. | Optional |
| limit | A number of records to limit the response to. Default is 10. | Optional |
| sort | Criteria to sort the records by, in the format: property[,ASC\|DESC]. If not specified, default sort order is ascending. Multiple sort criteria can be specified, separated by a ";" separator. For example: "riskScore,DESC;hostName,ASC". | Optional |
| ipAddressIs | A specific IP address to search. | Optional |
| hostNameIs | A specific host name to search. | Optional |
| riskScoreHigherThan | A minimum risk score to use as a filter. | Optional |
| vulnerabilityTitleContains | A string to search for in vulnerability titles. | Optional |
| siteIdIn | Site IDs to filter for. Can be a comma-separated list. | Optional |
| siteNameIn | Site names to filter for. Can be a comma-separated list. | Optional |
| match | Operator to determine how to match filters. "all" requires that all filters match for an asset to be included. "any" requires only one filter to match for an asset to be included. Possible values are: all, any. Default is all. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Asset.AssetId | number | The identifier of the asset. |
| Nexpose.Asset.Address | string | The primary IPv4 or IPv6 address of the asset. |
| Nexpose.Asset.Name | string | The primary host name (local or FQDN) of the asset. |
| Nexpose.Asset.Site | string | Asset site name. |
| Nexpose.Asset.Exploits | number | The number of distinct exploits that can exploit any of the vulnerabilities on the asset. |
| Nexpose.Asset.Malware | number | The number of distinct malware kits that vulnerabilities on the asset are susceptible to. |
| Nexpose.Asset.OperatingSystem | string | Operating system of the asset. |
| Nexpose.Asset.Vulnerabilities | number | The total number of vulnerabilities. |
| Nexpose.Asset.RiskScore | number | The risk score (with criticality adjustments) of the asset. |
| Nexpose.Asset.Assessed | boolean | Whether the asset has been assessed for vulnerabilities at least once. |
| Nexpose.Asset.LastScanDate | date | Last scan date of the asset. |
| Nexpose.Asset.LastScanId | number | Id of the asset's last scan. |
| Endpoint.IP | string | Endpoint IP address. |
| Endpoint.HostName | string | Endpoint host name. |
| Endpoint.OS | string | Endpoint operating system. |

Command example

!nexpose-search-assets match=all riskScoreHigherThan=1000 limit=3

Context Example

{
"Endpoint": [
{
"Hostname": "angular.testsparker.com",
"ID": 11,
"IPAddress": "192.0.2.2",
"OS": "Ubuntu Linux",
"Vendor": "Rapid7 Nexpose"
},
{
"ID": 12,
"IPAddress": "192.0.2.3",
"OS": "Microsoft Windows",
"Vendor": "Rapid7 Nexpose"
},
{
"Hostname": "57.27.185.35.bc.googleusercontent.com",
"ID": 13,
"IPAddress": "192.0.2.4",
"OS": "Linux 2.6.18",
"Vendor": "Rapid7 Nexpose"
}
],
"Nexpose": {
"Asset": [
{
"Address": "192.0.2.2",
"Assessed": true,
"AssetId": 11,
"Exploits": 2,
"LastScanDate": "2022-11-02T14:54:19.055Z",
"LastScanId": "-",
"Malware": 0,
"Name": "angular.testsparker.com",
"OperatingSystem": "Ubuntu Linux",
"RiskScore": 7718.4091796875,
"Site": "PANW",
"Vulnerabilities": 26
},
{
"Address": "192.0.2.3",
"Assessed": true,
"AssetId": 12,
"Exploits": 4,
"LastScanDate": "2049-03-01T04:31:56Z",
"LastScanId": "-",
"Malware": 0,
"Name": null,
"OperatingSystem": "Microsoft Windows",
"RiskScore": 18819.919921875,
"Site": "PANW",
"Vulnerabilities": 45
},
{
"Address": "192.0.2.4",
"Assessed": true,
"AssetId": 13,
"Exploits": 0,
"LastScanDate": "2022-11-15T11:53:25.281Z",
"LastScanId": "-",
"Malware": 0,
"Name": "57.27.185.35.bc.googleusercontent.com",
"OperatingSystem": "Linux 2.6.18",
"RiskScore": 1323.0916748046875,
"Site": "PANW",
"Vulnerabilities": 2
}
]
}
}

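Human Readable Output

Nexpose Asset 13

| AssetId | Address | Name | Site | Exploits | Malware | OperatingSystem | RiskScore | Assessed | LastScanDate | LastScanId |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 13 | 192.0.2.4 | 57.27.185.35.bc.googleusercontent.com | PANW | 0 | 0 | Linux 2.6.18 | 1323.0916748046875 | true | 2022-11-15T11:53:25.281Z | - |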
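
The Nexpose.Asset context returned by nexpose-search-assets can be triaged in an automation before it reaches an analyst. The following is an added example, not code from the integration: it ranks assets with known exploits or malware kits first and flags data-quality problems such as the 2049 LastScanDate in the sample above. The function names, flag names and the 30-day scan-age threshold are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample: the Nexpose.Asset list from the Context Example above,
# reduced to the fields the triage uses.
SAMPLE_ASSETS = [
    {"AssetId": 11, "Address": "192.0.2.2", "Name": "angular.testsparker.com",
     "Exploits": 2, "Malware": 0, "RiskScore": 7718.4091796875, "Assessed": True,
     "LastScanDate": "2022-11-02T14:54:19.055Z"},
    {"AssetId": 12, "Address": "192.0.2.3", "Name": None,
     "Exploits": 4, "Malware": 0, "RiskScore": 18819.919921875, "Assessed": True,
     "LastScanDate": "2049-03-01T04:31:56Z"},
    {"AssetId": 13, "Address": "192.0.2.4",
     "Name": "57.27.185.35.bc.googleusercontent.com",
     "Exploits": 0, "Malware": 0, "RiskScore": 1323.0916748046875, "Assessed": True,
     "LastScanDate": "2022-11-15T11:53:25.281Z"},
]

# The context shows timestamps both with and without fractional seconds.
_DATE_FORMATS = ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ")


def parse_scan_date(value):
    """Return an aware UTC datetime, or None if the value is missing or unparseable."""
    if not isinstance(value, str):
        return None
    for fmt in _DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def triage_assets(assets, now, max_scan_age_days=30):
    """Flag each asset and rank: weaponized hosts first, then by RiskScore."""
    results = []
    for asset in assets:
        flags = []
        if (asset.get("Exploits") or 0) > 0:
            flags.append("exploitable")
        if (asset.get("Malware") or 0) > 0:
            flags.append("malware-kit")
        if not asset.get("Assessed"):
            flags.append("not-assessed")
        if not asset.get("Name"):
            flags.append("no-hostname")

        # A scan date in the future or far in the past means the risk data
        # for this asset should not be trusted without a rescan.
        scanned = parse_scan_date(asset.get("LastScanDate"))
        if scanned is None:
            flags.append("no-scan-date")
        elif scanned > now:
            flags.append("future-scan-date")
        elif (now - scanned).days > max_scan_age_days:
            flags.append("stale-scan")

        results.append({
            "AssetId": asset.get("AssetId"),
            "Address": asset.get("Address"),
            "RiskScore": asset.get("RiskScore") or 0,
            "Weaponized": "exploitable" in flags or "malware-kit" in flags,
            "Flags": flags,
        })

    # False sorts before True, so weaponized assets come first.
    results.sort(key=lambda r: (not r["Weaponized"], -r["RiskScore"]))
    return results


if __name__ == "__main__":
    for row in triage_assets(SAMPLE_ASSETS, datetime.now(timezone.utc)):
        print(row["AssetId"], row["Address"], round(row["RiskScore"]), row["Flags"])
```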

nexpose-get-scan

Get a specific scan.

Base Command

nexpose-get-scan

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of a specific scan to retrieve. Can be a comma-separated list. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Scan.Id | number | The identifier of the scan. |
| Nexpose.Scan.ScanType | string | The scan type (automated, manual, scheduled). |
| Nexpose.Scan.StartedBy | string | The name of the user who started the scan. |
| Nexpose.Scan.Assets | number | The number of assets found in the scan |
| Nexpose.Scan.TotalTime | string | The duration of the scan in minutes. |
| Nexpose.Scan.Status | string | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating |
| Nexpose.Scan.Completed | date | The end time of the scan in ISO8601 format. |
| Nexpose.Scan.Vulnerabilities.Critical | number | The number of critical vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Moderate | number | The number of moderate vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Severe | number | The number of severe vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Total | number | The total number of vulnerabilities. |

Command example

!nexpose-get-scan id=1

Context Example

{
"Nexpose": {
"Scan": {
"Assets": 0,
"Completed": "2019-12-03T20:48:01.368Z",
"Id": 1,
"Message": null,
"ScanName": "Tue 03 Dec 2019 10:47 PM",
"ScanType": "Manual",
"StartedBy": null,
"Status": "finished",
"TotalTime": "51.316 seconds",
"Vulnerabilities": {
"Critical": 0,
"Moderate": 0,
"Severe": 0,
"Total": 0
}
}
}
}

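Human Readable Output

Nexpose Scan ID 1

| Id | ScanType | ScanName | Assets | TotalTime | Completed | Status |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Manual | Tue 03 Dec 2019 10:47 PM | 0 | 51.316 seconds | 2019-12-03T20:48:01.368Z | finished |

Vulnerabilities

| Critical | Severe | Moderate | Total |
| --- | --- | --- | --- |
| 0 | 0 | 0 | 0 |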

nexpose-get-asset-vulnerability

Returns details and possible remediations for an asset's vulnerability.

Base Command

nexpose-get-asset-vulnerability

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of an asset to search for the vulnerability. | Required |
| vulnerabilityId | ID of a vulnerability to search for. Example: 7-zip-cve-2008-6536. | Required |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Asset.AssetId | number | Identifier of the asset. |
| Nexpose.Asset.Vulnerability.Id | number | The identifier of the vulnerability. |
| Nexpose.Asset.Vulnerability.Title | string | The title (summary) of the vulnerability. |
| Nexpose.Asset.Vulnerability.Severity | string | The severity of the vulnerability, one of: "Moderate", "Severe", "Critical". |
| Nexpose.Asset.Vulnerability.RiskScore | number | The risk score of the vulnerability, rounded to a maximum of two digits of precision. If using the default Rapid7 Real Risk™ model, this value ranges from 0-1000. |
| Nexpose.Asset.Vulnerability.CVSS | string | The CVSS vector(s) for the vulnerability. |
| Nexpose.Asset.Vulnerability.CVSSV3 | string | The CVSS v3 vector. |
| Nexpose.Asset.Vulnerability.Published | date | The date the vulnerability was first published or announced. The format is an ISO 8601 date, YYYY-MM-DD. |
| Nexpose.Asset.Vulnerability.Added | date | The date the vulnerability coverage was added. The format is an ISO 8601 date, YYYY-MM-DD. |
| Nexpose.Asset.Vulnerability.Modified | date | The last date the vulnerability was modified. The format is an ISO 8601 date, YYYY-MM-DD. |
| Nexpose.Asset.Vulnerability.CVSSScore | number | The CVSS score (ranges from 0-10). |
| Nexpose.Asset.Vulnerability.CVSSV3Score | number | The CVSS3 score, which ranges from 0-10. |
| Nexpose.Asset.Vulnerability.Categories | unknown | All vulnerability categories assigned to this vulnerability. |
| Nexpose.Asset.Vulnerability.CVES | unknown | All CVEs assigned to this vulnerability. |
| Nexpose.Asset.Vulnerability.Check.Port | number | The port of the service the result was discovered on. |
| Nexpose.Asset.Vulnerability.Check.Protocol | string | The protocol of the service the result was discovered on. Valid values are ip, icmp, igmp, ggp, tcp, pup, udp, idp, esp, nd, raw. |
| Nexpose.Asset.Vulnerability.Check.Since | date | The date and time the result was first recorded, in the ISO8601 format. If the result changes status this value is the date and time of the status change. |
| Nexpose.Asset.Vulnerability.Check.Proof | string | The proof explaining why the result was found vulnerable. |
| Nexpose.Asset.Vulnerability.Check.Status | string | The status of the vulnerability check result. Valid values are unknown, not-vulnerable, vulnerable, vulnerable-version, vulnerable-potential, vulnerable-with-exception-applied, vulnerable-version-with-exception-applied, vulnerable-potential-with-exception-applied. |
| Nexpose.Asset.Vulnerability.Solution.Type | string | The type of the solution. One of: "Configuration", "Rollup patch", "Patch". |
| Nexpose.Asset.Vulnerability.Solution.Summary | string | The summary of the solution. |
| Nexpose.Asset.Vulnerability.Solution.Steps | string | The steps required to remediate the vulnerability. |
| Nexpose.Asset.Vulnerability.Solution.Estimate | string | The estimated duration to apply the solution, in minutes. |
| Nexpose.Asset.Vulnerability.Solution.AdditionalInformation | string | Additional information or resources that can assist in applying the remediation. |
| CVE.ID | string | Common Vulnerabilities and Exposures IDs. |

Command example

!nexpose-get-asset-vulnerability id=1 vulnerabilityId=apache-httpd-cve-2017-15710

Context Example

{
"CVE": {
"CVSS": {
"Score": 7.5,
"Vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"Version": "3"
},
"Description": "The affected asset is vulnerable to this vulnerability ONLY if it is running one of the following modules: mod_authnz_ldap. Review your web server configuration for validation. mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.",
"ID": "CVE-2017-15710",
"Modified": "2020-01-30",
"Published": "2018-03-26"
},
"DBotScore": {
"Indicator": "CVE-2017-15710",
"Score": 0,
"Type": "cve",
"Vendor": "Rapid7 Nexpose"
},
"Nexpose": {
"Asset": {
"AssetId": "1",
"Vulnerability": [
{
"Added": "2018-03-26",
"CVES": [
"CVE-2017-15710"
],
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSSScore": 5,
"CVSSV3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSSV3Score": 7.5,
"Categories": [
"Apache",
"Apache HTTP Server",
"Denial of Service",
"LDAP",
"Web"
],
"Check": [
{
"Port": 80,
"Proof": "Running HTTP serviceProduct HTTPD exists -- Apache HTTPD 2.4.29Vulnerable version of product HTTPD found -- Apache HTTPD 2.4.29",
"Protocol": "tcp",
"Since": "2020-10-01T22:40:08.844Z",
"Status": "vulnerable-version"
},
{
"Port": 8000,
"Proof": "Running HTTP serviceProduct HTTPD exists -- Apache HTTPD 2.4.29Vulnerable version of product HTTPD found -- Apache HTTPD 2.4.29",
"Protocol": "tcp",
"Since": "2020-10-01T22:40:08.844Z",
"Status": "vulnerable-version"
}
],
"Id": "apache-httpd-cve-2017-15710",
"Modified": "2020-01-30",
"Published": "2018-03-26",
"RiskScore": 175.22,
"Severity": "Severe",
"Solution": [
{
"AdditionalInformation": "The latest version of Apache HTTPD is 2.4.48.\n\nMany platforms and distributions provide pre-built binary packages for Apache HTTP server. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system.",
"Estimate": "2 hours",
"Steps": "Download and apply the upgrade from: http://archive.apache.org/dist/httpd/httpd-2.4.48.tar.gz (http://archive.apache.org/dist/httpd/httpd-2.4.48.tar.gz)",
"Summary": "Upgrade to the latest version of Apache HTTPD",
"Type": "rollup-patch"
}
],
"Title": "Apache HTTPD: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710)"
}
]
}
}
}

Human Readable Output

Vulnerability apache-httpd-cve-2017-15710

| Id | Title | Severity | RiskScore | CVSS | CVSSV3 | Published | Added | Modified | CVSSScore | CVSSV3Score | Categories | CVES |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| apache-httpd-cve-2017-15710 | Apache HTTPD: Out of bound write in mod_authnz_ldap when using too small Accept-Language values (CVE-2017-15710) | Severe | 175.22 | AV:N/AC:L/Au:N/C:N/I:N/A:P | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2018-03-26 | 2018-03-26 | 2020-01-30 | 5.0 | 7.5 | Apache, Apache HTTP Server, Denial of Service, LDAP, Web | CVE-2017-15710 |

Checks

| Port | Protocol | Since | Proof | Status |
| --- | --- | --- | --- | --- |
| 80 | tcp | 2020-10-01T22:40:08.844Z | Running HTTP serviceProduct HTTPD exists -- Apache HTTPD 2.4.29Vulnerable version of product HTTPD found -- Apache HTTPD 2.4.29 | vulnerable-version |
| 8000 | tcp | 2020-10-01T22:40:08.844Z | Running HTTP serviceProduct HTTPD exists -- Apache HTTPD 2.4.29Vulnerable version of product HTTPD found -- Apache HTTPD 2.4.29 | vulnerable-version |

Solutions

| Type | Summary | Steps | Estimate | AdditionalInformation |
| --- | --- | --- | --- | --- |
| rollup-patch | Upgrade to the latest version of Apache HTTPD | Download and apply the upgrade from: http://archive.apache.org/dist/httpd/httpd-2.4.48.tar.gz (http://archive.apache.org/dist/httpd/httpd-2.4.48.tar.gz) | 2 hours | The latest version of Apache HTTPD is 2.4.48. Many platforms and distributions provide pre-built binary packages for Apache HTTP server. These pre-built packages are usually customized and optimized for a particular distribution, therefore we recommend that you use the packages if they are available for your operating system. |

nexpose-create-shared-credential

Create a new shared credential. For detailed explanation of all parameters of this command, see: https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createSharedCredential

Base Command

nexpose-create-shared-credential

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Name of the credential. | Required |
| site_assignment | Site assignment configuration for the credential. Assign the shared scan credential either to be available to all sites, or a specific list of sites. Possible values are: All-Sites, Specific-Sites. | Required |
| service | Credential service type. Possible values are: AS400, CIFS, CIFSHash, CVS, DB2, FTP, HTTP, MS-SQL, MySQL, Notes, Oracle, POP, PostgresSQL, Remote-Exec, SNMP, SNMPv3, SSH, SSH-Key, Sybase, Telnet. | Required |
| database | Database name. | Optional |
| description | Description for the credential. | Optional |
| domain | Domain address. | Optional |
| host_restriction | Hostname or IP address to restrict the credentials to. | Optional |
| http_realm | HTTP realm. | Optional |
| notes_id_password | Password for the notes account that will be used for authenticating. | Optional |
| ntlm_hash | NTLM password hash. | Optional |
| oracle_enumerate_sids | Whether the scan engine should attempt to enumerate SIDs from the environment. Possible values are: true, false. | Optional |
| oracle_listener_password | Oracle Net Listener password. Used to enumerate SIDs from your environment. | Optional |
| oracle_sid | Oracle database name. | Optional |
| password | Password for the credential. | Optional |
| port_restriction | Further restricts the credential to attempt to authenticate on a specific port. Can be used only if host_restriction is used. | Optional |
| sites | List of site IDs for the shared credential that are explicitly assigned access to the shared scan credential, allowing it to use the credential during a scan. | Optional |
| community_name | SNMP community for authentication. | Optional |
| authentication_type | SNMPv3 authentication type for the credential. Possible values are: No-Authentication, MD5, SHA. | Optional |
| privacy_password | SNMPv3 privacy password to use. | Optional |
| privacy_type | SNMPv3 Privacy protocol to use. Possible values are: No-Privacy, DES, AES-128, AES-192, AES-192-With-3-DES-Key-Extension, AES-256, AES-256-With-3-DES-Key-Extension. | Optional |
| ssh_key_pem | PEM formatted private key. | Optional |
| ssh_permission_elevation | Elevation type to use for scans. Possible values are: None, sudo, sudosu, su, pbrun, Privileged-Exec. | Optional |
| ssh_permission_elevation_password | Password to use for elevation. | Optional |
| ssh_permission_elevation_username | Username to use for elevation. | Optional |
| ssh_private_key_password | Password for the private key. | Optional |
| use_windows_authentication | Whether to use Windows authentication. Possible values are: true, false. | Optional |
| username | Username for the credential. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.SharedCredential.id | number | ID of the generated credential. |
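
A shared scan credential is a privileged secret, so its arguments are worth checking before the command runs. The following is an added example, not part of the integration: it validates the enumerated values and the port_restriction rule from the Input table, and applies a local policy that flags cleartext services, weak SNMPv3 settings and credentials with no site or host restriction. The finding codes and the policy choices are assumptions.

```python
# Allowed values copied from the Input table above.
ENUMS = {
    "site_assignment": {"All-Sites", "Specific-Sites"},
    "service": {"AS400", "CIFS", "CIFSHash", "CVS", "DB2", "FTP", "HTTP",
                "MS-SQL", "MySQL", "Notes", "Oracle", "POP", "PostgresSQL",
                "Remote-Exec", "SNMP", "SNMPv3", "SSH", "SSH-Key", "Sybase",
                "Telnet"},
    "authentication_type": {"No-Authentication", "MD5", "SHA"},
    "privacy_type": {"No-Privacy", "DES", "AES-128", "AES-192",
                     "AES-192-With-3-DES-Key-Extension", "AES-256",
                     "AES-256-With-3-DES-Key-Extension"},
    "ssh_permission_elevation": {"None", "sudo", "sudosu", "su", "pbrun",
                                 "Privileged-Exec"},
}
REQUIRED = ("name", "site_assignment", "service")

# Local policy (assumption, not from the integration): services that send the
# credential unencrypted, and SNMPv3 settings considered too weak.
CLEARTEXT_SERVICES = {"FTP", "SNMP", "Telnet"}
WEAK_SNMPV3 = {
    ("authentication_type", "No-Authentication"): "snmpv3-no-auth",
    ("authentication_type", "MD5"): "snmpv3-weak-auth",
    ("privacy_type", "No-Privacy"): "snmpv3-no-privacy",
    ("privacy_type", "DES"): "snmpv3-weak-privacy",
}

# Constructed inputs: a weak SNMPv3 credential and a hardened counterpart.
WEAK = {"name": "snmp-core", "site_assignment": "All-Sites", "service": "SNMPv3",
        "authentication_type": "MD5", "privacy_type": "DES",
        "port_restriction": "161"}
HARDENED = {"name": "snmp-core", "site_assignment": "Specific-Sites", "sites": "2",
            "service": "SNMPv3", "authentication_type": "SHA",
            "privacy_type": "AES-256", "host_restriction": "192.0.2.10",
            "port_restriction": "161"}


def lint_shared_credential(args):
    """Return a sorted list of finding codes for the given command arguments."""
    findings = set()

    for arg in REQUIRED:
        if not args.get(arg):
            findings.add(f"missing-{arg}")
    for arg, allowed in ENUMS.items():
        if arg in args and args[arg] not in allowed:
            findings.add(f"invalid-{arg}")

    # Documented rule: port_restriction can be used only with host_restriction.
    if args.get("port_restriction") and not args.get("host_restriction"):
        findings.add("port-restriction-without-host")
    # Specific-Sites is only meaningful with a list of site IDs.
    if args.get("site_assignment") == "Specific-Sites" and not args.get("sites"):
        findings.add("specific-sites-without-sites")
    # Least privilege: a credential offered to every site and every host.
    if args.get("site_assignment") == "All-Sites" and not args.get("host_restriction"):
        findings.add("unrestricted-scope")

    if args.get("service") in CLEARTEXT_SERVICES:
        findings.add("cleartext-service")
    if args.get("service") == "SNMPv3":
        for (arg, value), code in WEAK_SNMPV3.items():
            if args.get(arg) == value:
                findings.add(code)

    return sorted(findings)


if __name__ == "__main__":
    print("weak:    ", lint_shared_credential(WEAK))
    print("hardened:", lint_shared_credential(HARDENED))
```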

nexpose-create-site

Creates a new site with the specified configuration.

Base Command

nexpose-create-site

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| name | Site name. Must be unique. | Required |
| description | Site's description. | Optional |
| assets | Addresses of assets to include in site scans. Can be a comma-separated list. | Required |
| scanTemplateId | ID of a scan template to use. If not specified, the default scan template will be used. Use nexpose-get-report-templates to get a list of all available templates. | Optional |
| importance | Site importance. Defaults to "normal" if not specified. Possible values are: very_low, low, normal, high, very_high. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Site.Id | number | ID of the created site. |

nexpose-create-vulnerability-exception

Create a new vulnerability exception.

Base Command

nexpose-create-vulnerability-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| expires | The date and time the vulnerability exception is set to expire in ISO 8601 date format. | Optional |
| vulnerability_id | ID of the vulnerability to create the exception for. Example: 7-zip-cve-2008-6536. | Required |
| scope_type | The type of the exception scope. If set to anything other than Global, scope_id parameter is required. Possible values are: Global, Site, Asset, Asset Group. | Required |
| state | State of the vulnerability exception. Possible values are: Expired, Approved, Rejected, Under Review. | Required |
| comment | A comment from the submitter as to why the exception was submitted. | Optional |
| reason | Reason why the vulnerability exception was submitted. Possible values are: False Positive, Compensating Control, Acceptable Use, Acceptable Risk, Other. | Required |
| scope_id | ID of the chosen scope_type (site ID, asset ID, etc.). Required if scope_type is anything other than Global. | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.VulnerabilityException.id | number | ID of the generated vulnerability exception. |

nexpose-delete-asset

Delete an asset.

Base Command

nexpose-delete-asset

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of the asset to delete. | Required |

Context Output

There is no context output for this command.

Command example

!nexpose-delete-asset id=1

Human Readable Output

Asset 1 has been deleted.

nexpose-delete-scan-schedule

Delete a scheduled scan.

Base Command

nexpose-delete-scan-schedule

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site to delete. | Optional |
| site_name | Name of the site to delete (can be used instead of site_id). | Optional |
| schedule_id | ID of the scheduled scan to delete. | Required |

Context Output

There is no context output for this command.

nexpose-delete-shared-credential

Note: This command could not be tested on our side and may therefore have issues. Please let us know if you encounter any bugs or issues.

Delete a shared credential.

Base Command

nexpose-delete-shared-credential

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of the shared credential to delete. | Required |

Context Output

There is no context output for this command.

nexpose-delete-site-scan-credential

Note: This command could not be tested on our side and may therefore have issues. Please let us know if you encounter any bugs or issues.

Delete a site scan credential.

Base Command

nexpose-delete-site-scan-credential

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| credential_id | ID of the site scan credential to delete. | Required |

Context Output

There is no context output for this command.

nexpose-delete-site

Deletes a site.

Base Command

nexpose-delete-site

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of a site to delete. | Optional |
| site_name | Name of the site to delete (can be used instead of site_id). | Optional |

Context Output

There is no context output for this command.

nexpose-delete-vulnerability-exception

Delete a vulnerability exception.

Base Command

nexpose-delete-vulnerability-exception

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of the vulnerability exception to delete. | Required |

Command example

!nexpose-delete-vulnerability-exception id=1

Human Readable Output

Vulnerability exception with ID 1 has been deleted.

nexpose-get-sites

Retrieves accessible sites.

Base Command

nexpose-get-sites

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| page_size | Number of records to retrieve in each API call when pagination is used. | Optional |
| page | A specific page to retrieve when pagination is used. Page indexing starts at 0. | Optional |
| limit | A number of records to limit the response to. Default is 10. | Optional |
| sort | Criteria to sort the records by, in the format: property[,ASC\|DESC]. If not specified, default sort order is ascending. Multiple sort criteria can be specified, separated by a ";". For example: "riskScore,DESC;hostName,ASC". | Optional |

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Site.Id | number | The identifier of the site. |
| Nexpose.Site.Name | string | The site name. |
| Nexpose.Site.Assets | number | The number of assets that belong to the site. |
| Nexpose.Site.Type | string | The type of the site. Valid values are agent, dynamic, static |
| Nexpose.Site.Vulnerabilities | number | The total number of vulnerabilities. |
| Nexpose.Site.Risk | number | The risk score (with criticality adjustments) of the site. |
| Nexpose.Site.LastScan | date | The date and time of the site's last scan. |

Command example

!nexpose-get-sites limit=5

Context Example

{
"Nexpose": {
"Site": [
{
"Assets": 4,
"Id": 1,
"LastScan": "2021-08-03T14:09:15.321Z",
"Name": "Authenticated-Assets",
"Risk": 20416,
"Type": "static",
"Vulnerabilities": 41
},
{
"Assets": 18,
"Id": 2,
"LastScan": "2021-06-29T07:06:54.733Z",
"Name": "PANW",
"Risk": 213245,
"Type": "static",
"Vulnerabilities": 455
},
{
"Assets": 10,
"Id": 3,
"LastScan": "2020-11-26T17:13:54.117Z",
"Name": "Test",
"Risk": 18820,
"Type": "static",
"Vulnerabilities": 45
}
]
}
}

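Human Readable Output

Nexpose Sites

| Id | Name | Assets | Vulnerabilities | Risk | Type | LastScan |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Authenticated-Assets | 4 | 41 | 20416.0 | static | 2021-08-03T14:09:15.321Z |
| 2 | PANW | 18 | 455 | 213245.0 | static | 2021-06-29T07:06:54.733Z |
| 3 | Test | 10 | 45 | 18820.0 | static | 2020-11-26T17:13:54.117Z |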

nexpose-get-report-templates

Returns all available report templates.

Base Command

nexpose-get-report-templates

Input

There are no input arguments for this command.

Context Output

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Template.Id | number | The identifier of the report template. |
| Nexpose.Template.Name | string | The name of the report template. |
| Nexpose.Template.Description | string | The description of the report template. |
| Nexpose.Template.Type | string | The type of the report template. document is a templatized, typically printable, report that has various sections of content. export is data-oriented output, typically CSV. file is a printable report template using a report template file. |

Command example

!nexpose-get-report-templates

Context Example

{
  "Nexpose": {
    "Template": [
      {
        "Description": "Provides comprehensive details about discovered assets, vulnerabilities, and users.",
        "Id": "audit-report",
        "Name": "Audit Report",
        "Type": "document"
      },
      {
        "Description": "Compares current scan results to those of an earlier baseline scan.",
        "Id": "baseline-comparison",
        "Name": "Baseline Comparison",
        "Type": "document"
      },
      {
        "Description": "Provides a high-level view of security data, including general results information and statistical charts.",
        "Id": "executive-overview",
        "Name": "Executive Overview",
        "Type": "document"
      },
      {
        "Description": "Provides information and metrics about 10 discovered vulnerabilities with the highest risk scores.",
        "Id": "highest-risk-vulns",
        "Name": "Highest Risk Vulnerabilities",
        "Type": "document"
      },
      {
        "Description": "Lists results for standard policy scans (AS/400, Oracle, Domino, Windows Group, CIFS/SMB account). Does not include Policy Manager results.",
        "Id": "policy-eval",
        "Name": "Policy Evaluation",
        "Type": "document"
      },
      {
        "Description": "Provides detailed remediation instructions for each discovered vulnerability.",
        "Id": "remediation-plan",
        "Name": "Remediation Plan",
        "Type": "document"
      },
      {
        "Description": "Lists test results for each discovered vulnerability, including how it was verified.",
        "Id": "report-card",
        "Name": "Report Card",
        "Type": "document"
      }
    ]
  }
}

Human Readable Output#

Nexpose Templates#

| Id | Name | Description | Type |
| --- | --- | --- | --- |
| audit-report | Audit Report | Provides comprehensive details about discovered assets, vulnerabilities, and users. | document |
| baseline-comparison | Baseline Comparison | Compares current scan results to those of an earlier baseline scan. | document |
| executive-overview | Executive Overview | Provides a high-level view of security data, including general results information and statistical charts. | document |
| highest-risk-vulns | Highest Risk Vulnerabilities | Provides information and metrics about 10 discovered vulnerabilities with the highest risk scores. | document |
| policy-eval | Policy Evaluation | Lists results for standard policy scans (AS/400, Oracle, Domino, Windows Group, CIFS/SMB account). Does not include Policy Manager results. | document |
| remediation-plan | Remediation Plan | Provides detailed remediation instructions for each discovered vulnerability. | document |
| report-card | Report Card | Lists test results for each discovered vulnerability, including how it was verified. | document |

nexpose-create-asset#


Create a new asset.

Base Command#

nexpose-create-asset

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| date | The date the data was collected on the asset in ISO 8601 format. | Required |
| ip | Primary IPv4 or IPv6 address of the asset. | Required |
| host_name | Hostname of the asset. | Optional |
| host_name_source | The source used to detect the host name. "User" indicates the host name source is user-supplied. Possible values are: User, DNS, NetBIOS, DCE, EPSEC, LDAP, Other. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Asset.id | string | ID of the newly created asset. |

Command example#

!nexpose-create-asset site_id="1" date="2022-01-01T10:00:00Z" ip="192.0.2.0"

Context Example#

{
  "Nexpose": {
    "Asset": {
      "id": 1
    }
  }
}

Human Readable Output#

New asset has been created with ID 1.

nexpose-create-assets-report#


Generates a new report on given assets according to a template and arguments.

Base Command#

nexpose-create-assets-report

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| assets | Asset IDs to create the report on. Can be a comma-separated list. | Required |
| template | Report template ID to create the report with. If not provided, the first available template will be used. | Optional |
| name | Report name. | Optional |
| format | Report format (uses PDF by default). Possible values are: pdf, rtf, xml, html, text. | Optional |
| download_immediately | Whether to download the report immediately after the report is generated. Defaults to "true". If the report takes longer than 10 seconds to generate, set to "false". Possible values are: true, false. Default is true. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| InfoFile.EntryId | string | Entry ID of the report file. |
| InfoFile.Name | string | Name of the report file. |
| InfoFile.Extension | string | File extension of the report file. |
| InfoFile.Info | string | Information about the report file. |
| InfoFile.Size | number | Size of the report file (in bytes). |
| InfoFile.Type | string | Type of the report file. |
| Nexpose.Report.ID | string | The identifier of the report. |
| Nexpose.Report.InstanceID | string | The identifier of the report instance. |
| Nexpose.Report.Name | string | The report name. |
| Nexpose.Report.Format | string | The report format. |

nexpose-create-sites-report#


Generates a new report on given sites according to a template and arguments.

Base Command#

nexpose-create-sites-report

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| sites | Site IDs to create the report on. Can be a comma-separated list. | Optional |
| site_names | Names of sites to create the report on. Can be a comma-separated list. | Optional |
| template | Report template ID to use for report's creation. If not provided, the first available template will be used. | Optional |
| name | Report name. | Optional |
| format | Report format (uses PDF by default). Possible values are: pdf, rtf, xml, html, text. | Optional |
| download_immediately | If true, downloads the report immediately after the report is generated. The default is "true". If the report takes longer than 10 seconds to generate, set to "false". Possible values are: true, false. Default is true. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| InfoFile.EntryId | string | Entry ID of the report file. |
| InfoFile.Name | string | Name of the report file. |
| InfoFile.Extension | string | File extension of the report file. |
| InfoFile.Info | string | Info about the report file. |
| InfoFile.Size | number | Size of the report file. |
| InfoFile.Type | string | Type of the report file. |
| Nexpose.Report.ID | string | The identifier of the report. |
| Nexpose.Report.InstanceID | string | The identifier of the report instance. |
| Nexpose.Report.Name | string | The report name. |
| Nexpose.Report.Format | string | The report format. |

nexpose-create-site-scan-credential#


Note: This command could not be tested on our side and may therefore have issues. Please let us know if you encounter any bugs or issues.

Create a new site scan credential. For detailed explanation of all parameters of this command, see: https://help.rapid7.com/insightvm/en-us/api/index.html#operation/createSiteCredential

Base Command#

nexpose-create-site-scan-credential

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| name | Name of the credential. | Required |
| service | Credential service type. Possible values are: AS400, CIFS, CIFSHash, CVS, DB2, FTP, HTTP, MS-SQL, MySQL, Notes, Oracle, POP, PostgresSQL, Remote-Exec, SNMP, SNMPv3, SSH, SSH-Key, Sybase, Telnet. | Required |
| database | Database name. | Optional |
| description | Description for the credential. | Optional |
| domain | Domain address. | Optional |
| host_restriction | Hostname or IP address to restrict the credentials to. | Optional |
| http_realm | HTTP realm. | Optional |
| notes_id_password | Password for the notes account that will be used for authenticating. | Optional |
| ntlm_hash | NTLM password hash. | Optional |
| oracle_enumerate_sids | Whether the scan engine should attempt to enumerate SIDs from the environment. Possible values are: true, false. | Optional |
| oracle_listener_password | Oracle Net Listener password. Used to enumerate SIDs from your environment. | Optional |
| oracle_sid | Oracle database name. | Optional |
| password | Password for the credential. | Optional |
| port_restriction | Further restricts the credential to attempt to authenticate on a specific port. Can be used only if host_restriction is used. | Optional |
| community_name | SNMP community for authentication. | Optional |
| authentication_type | SNMPv3 authentication type for the credential. Possible values are: No-Authentication, MD5, SHA. | Optional |
| privacy_password | SNMPv3 privacy password to use. | Optional |
| privacy_type | SNMPv3 privacy protocol to use. Possible values are: No-Privacy, DES, AES-128, AES-192, AES-192-With-3-DES-Key-Extension, AES-256, AES-256-With-3-DES-Key-Extension. | Optional |
| ssh_key_pem | PEM formatted private key. | Optional |
| ssh_permission_elevation | Elevation type to use for scans. Possible values are: None, sudo, sudosu, su, pbrun, Privileged-Exec. | Optional |
| ssh_permission_elevation_password | Password to use for elevation. | Optional |
| ssh_permission_elevation_username | Username to use for elevation. | Optional |
| ssh_private_key_password | Password for the private key. | Optional |
| use_windows_authentication | Whether to use Windows authentication. Possible values are: true, false. | Optional |
| username | Username for the credential. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.SiteScanCredential.id | number | ID of the generated credential. |

nexpose-create-scan-report#


Generates a new report for a specified scan.

Base Command#

nexpose-create-scan-report

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| scan | ID of the scan to create a report about. | Required |
| template | Report template ID to use for creation. If not provided, the first available template will be used. | Optional |
| name | Report name. | Optional |
| format | Report format (uses PDF by default). Possible values are: pdf, rtf, xml, html, text. | Optional |
| download_immediately | If true, downloads the report immediately after the report is generated. The default is "true". If the report takes longer than 10 seconds to generate, set to "false". Possible values are: true, false. Default is true. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| InfoFile.EntryId | string | Entry ID of the report file. |
| InfoFile.Name | string | Name of the report file. |
| InfoFile.Extension | string | File extension of the report file. |
| InfoFile.Info | string | Info about the report file. |
| InfoFile.Size | number | Size of the report file. |
| InfoFile.Type | string | Type of the report file. |
| Nexpose.Report.ID | string | The identifier of the report. |
| Nexpose.Report.InstanceID | string | The identifier of the report instance. |
| Nexpose.Report.Name | string | The report name. |
| Nexpose.Report.Format | string | The report format. |

Command example#

!nexpose-create-scan-report scan=1 download_immediately=false

Context Example#

{
  "Nexpose": {
    "Report": {
      "Format": "pdf",
      "ID": 3241,
      "InstanceID": 3212,
      "Name": "report 2022-11-30 09:25:36.359529"
    }
  }
}

Human Readable Output#

Report Information#

| Format | ID | InstanceID | Name |
| --- | --- | --- | --- |
| pdf | 3241 | 3212 | report 2022-11-30 09:25:36.359529 |

nexpose-create-scan-schedule#


Note: This command could not be tested on our side and may therefore have issues. Please let us know if you encounter any bugs or issues.

Create a new site scan schedule.

Base Command#

nexpose-create-scan-schedule

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| enabled | Whether to enable the scheduled scan after creation. Possible values are: True, False. Default is True. | Optional |
| on_scan_repeat | The desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching its maximum duration. Possible values are: Restart-Scan, Resume-Scan. | Required |
| start | The scheduled start date and time formatted in ISO 8601 format. Repeating schedules will determine the next schedule to begin based on this date and time. | Required |
| excluded_asset_group_ids | A list of IDs for asset groups to exclude from the scan. | Optional |
| excluded_addresses | A list of addresses to exclude from the scan. | Optional |
| included_asset_group_ids | A list of IDs for asset groups to include in the scan. | Optional |
| included_addresses | A list of addresses to include in the scan. | Optional |
| duration_days | Maximum duration of the scan in days. | Optional |
| duration_hours | Maximum duration of the scan in hours. | Optional |
| duration_minutes | Maximum duration of the scan in minutes. | Optional |
| frequency | How frequently the schedule should repeat (Every...). Possible values are: Hour, Day, Week, Date-of-month. | Optional |
| interval_time | The interval time the schedule should repeat. This depends on the value set in frequency. For example, if the value of frequency is set to "Day" and interval is set to 2, then the schedule will repeat every 2 days. Required only if frequency is used. | Optional |
| date_of_month | Specifies the schedule repeat day of the interval month. For example, if date_of_month is 17 and interval is set to 2, then the schedule will repeat every 2 months on the 17th day of the month. Required and used only if frequency is set to Date-of-month. | Optional |
| scan_name | A unique user-defined name for the scan launched by the schedule. If not explicitly set in the schedule, the scan name will be generated prior to the scan launching. | Optional |
| scan_template | ID of the scan template to use. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.ScanSchedule.id | int | ID of the newly created scan schedule. |

nexpose-list-assigned-shared-credential#


Retrieve information about shared credentials for a specific site.

Base Command#

nexpose-list-assigned-shared-credential

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| limit | The number of records to limit the response to. Default is 10. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.AssignedSharedCredential.enabled | string | Flag indicating whether the shared credential is enabled for the site's scans. |
| Nexpose.AssignedSharedCredential.id | string | ID of the shared credential. |
| Nexpose.AssignedSharedCredential.name | string | The name of the shared credential. |
| Nexpose.AssignedSharedCredential.service | string | Credential service type. |

Command example#

!nexpose-list-assigned-shared-credential site_id=1 limit=3

Context Example#

{
  "Nexpose": {
    "AssignedSharedCredential": [
      {
        "enabled": true,
        "id": 1,
        "name": "Test 1",
        "service": "ftp"
      },
      {
        "enabled": true,
        "id": 2,
        "name": "Test 2",
        "service": "ftp"
      },
      {
        "enabled": true,
        "id": 3,
        "name": "Test 3",
        "service": "ftp"
      }
    ]
  }
}

Human Readable Output#

Nexpose Assigned Shared Credentials#

| Id | Name | Service | Enabled |
| --- | --- | --- | --- |
| 1 | Test 1 | ftp | true |
| 2 | Test 2 | ftp | true |
| 3 | Test 3 | ftp | true |

nexpose-list-vulnerability#


Retrieve information about all or a specific vulnerability.

Base Command#

nexpose-list-vulnerability

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of a specific vulnerability to retrieve. | Optional |
| page_size | Number of records to retrieve in each API call when pagination is used. | Optional |
| page | A specific page to retrieve when pagination is used. Page indexing starts at 0. | Optional |
| limit | The number of records to limit the response to. Default is 10. | Optional |
| sort | Criteria to sort the records by, in the format: property[,ASC\|DESC]. If not specified, default sort order is ascending. Multiple sort criteria can be specified, separated by a ";". For example: "riskScore,DESC;hostName,ASC". | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Vulnerability.added | string | The date the vulnerability coverage was added in ISO 8601 format. |
| Nexpose.Vulnerability.categories | array | All vulnerability categories assigned to this vulnerability. |
| Nexpose.Vulnerability.cves | array | All CVEs assigned to this vulnerability. |
| Nexpose.Vulnerability.cvss.v2.accessComplexity | string | Access Complexity (AC) component that measures the complexity of the attack required to exploit the vulnerability once an attacker has gained access to the target system. |
| Nexpose.Vulnerability.cvss.v2.accessVector | string | Access Vector (AV) component that reflects how the vulnerability is exploited. |
| Nexpose.Vulnerability.cvss.v2.authentication | string | Authentication (Au) component that measures the number of times an attacker must authenticate to a target in order to exploit a vulnerability. |
| Nexpose.Vulnerability.cvss.v2.availabilityImpact | string | Availability Impact (A) component that measures the impact to availability of a successfully exploited vulnerability. |
| Nexpose.Vulnerability.cvss.v2.confidentialityImpact | string | Confidentiality Impact (C) component that measures the impact on confidentiality of a successfully exploited vulnerability. |
| Nexpose.Vulnerability.cvss.v2.exploitScore | number | The CVSS exploit score. |
| Nexpose.Vulnerability.cvss.v2.impactScore | number | The CVSS impact score. |
| Nexpose.Vulnerability.cvss.v2.integrityImpact | string | Integrity Impact (I) component that measures the impact to integrity of a successfully exploited vulnerability. |
| Nexpose.Vulnerability.cvss.v2.score | number | The CVSS score (ranges from 0-10). |
| Nexpose.Vulnerability.cvss.v2.vector | string | The CVSS v2 vector. |
| Nexpose.Vulnerability.cvss.v3.attackComplexity | string | Attack Complexity (AC) component that measures the conditions beyond the attacker's control that must exist in order to exploit the vulnerability. |
| Nexpose.Vulnerability.cvss.v3.attackVector | string | Attack Vector (AV) component that measures context by which vulnerability exploitation is possible. |
| Nexpose.Vulnerability.cvss.v3.availabilityImpact | string | Availability Impact (A) that measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. |
| Nexpose.Vulnerability.cvss.v3.confidentialityImpact | string | Confidentiality Impact (C) component that measures the impact on confidentiality of a successfully exploited vulnerability. |
| Nexpose.Vulnerability.cvss.v3.exploitScore | number | The CVSS exploit score. |
| Nexpose.Vulnerability.cvss.v3.impactScore | number | The CVSS impact score. |
| Nexpose.Vulnerability.cvss.v3.integrityImpact | string | Integrity Impact (I) that measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. |
| Nexpose.Vulnerability.cvss.v3.privilegeRequired | string | Privileges Required (PR) that measures the level of privileges an attacker must possess before successfully exploiting the vulnerability. |
| Nexpose.Vulnerability.cvss.v3.scope | string | Scope (S) that measures the collection of privileges defined by a computing authority (e.g., an application, an operating system, or a sandbox environment) when granting access to computing resources (e.g., files, CPU, memory, etc.). These privileges are assigned based on some method of identification and authorization. |
| Nexpose.Vulnerability.cvss.v3.score | number | The CVSS score (ranges from 0-10). |
| Nexpose.Vulnerability.cvss.v3.userInteraction | string | User Interaction (UI) that measures the requirement for a user, other than the attacker, to participate in the successful compromise of the vulnerable component. |
| Nexpose.Vulnerability.cvss.v3.vector | string | The CVSS v3 vector. |
| Nexpose.Vulnerability.denialOfService | boolean | Whether the vulnerability can lead to Denial of Service (DoS). |
| Nexpose.Vulnerability.description.html | string | Hypertext Markup Language (HTML) representation of the content. |
| Nexpose.Vulnerability.description.text | string | Textual representation of the content. |
| Nexpose.Vulnerability.exploits | number | The exploits that can be used to exploit a vulnerability. |
| Nexpose.Vulnerability.id | string | The identifier of the vulnerability. |
| Nexpose.Vulnerability.malwareKits | number | The malware kits that are known to be used to exploit the vulnerability. |
| Nexpose.Vulnerability.modified | string | The last date the vulnerability was modified in ISO 8601 format. |
| Nexpose.Vulnerability.pci.adjustedCVSSScore | number | The CVSS score of the vulnerability, adjusted for PCI rules and exceptions, on a scale of 0-10. |
| Nexpose.Vulnerability.pci.adjustedSeverityScore | number | The severity score of the vulnerability, adjusted for PCI rules and exceptions, on a scale of 0-10. |
| Nexpose.Vulnerability.pci.fail | boolean | Whether, if present on a host, this vulnerability would cause a PCI failure. True if "status" is "Fail", false otherwise. |
| Nexpose.Vulnerability.pci.specialNotes | string | Any special notes or remarks about the vulnerability that pertain to PCI compliance. |
| Nexpose.Vulnerability.pci.status | string | The PCI compliance status of the vulnerability. Can be either "Pass" or "Fail". |
| Nexpose.Vulnerability.published | string | The date the vulnerability was first published or announced in ISO 8601 format. |
| Nexpose.Vulnerability.riskScore | number | The risk score of the vulnerability, rounded to a maximum of two digits of precision. If using the default Rapid7 Real Risk model, this value ranges from 0-1000. |
| Nexpose.Vulnerability.severity | string | The severity of the vulnerability. Can be either "Moderate", "Severe", or "Critical". |
| Nexpose.Vulnerability.severityScore | number | The severity score of the vulnerability, on a scale of 0-10. |
| Nexpose.Vulnerability.title | string | The title (summary) of the vulnerability. |

Command example#

!nexpose-list-vulnerability limit=3

Context Example#

{
  "Nexpose": {
    "Vulnerability": [
      {
        "added": "2018-05-16",
        "categories": [
          "7-Zip"
        ],
        "cves": [
          "CVE-2008-6536"
        ],
        "cvss": {
          "v2": {
            "accessComplexity": "L",
            "accessVector": "N",
            "authentication": "N",
            "availabilityImpact": "C",
            "confidentialityImpact": "C",
            "exploitScore": 9.9968,
            "impactScore": 10.0008,
            "integrityImpact": "C",
            "score": 10,
            "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"
          }
        },
        "denialOfService": false,
        "description": {
          "html": "<p>Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).</p>",
          "text": "Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10)."
        },
        "exploits": 0,
        "id": "7-zip-cve-2008-6536",
        "malwareKits": 0,
        "modified": "2018-06-08",
        "pci": {
          "adjustedCVSSScore": 10,
          "adjustedSeverityScore": 5,
          "fail": true,
          "status": "Fail"
        },
        "published": "2009-03-29",
        "riskScore": 898.63,
        "severity": "Critical",
        "severityScore": 10,
        "title": "7-Zip: CVE-2008-6536: Unspecified vulnerability in 7-zip before 4.5.7"
      },
      {
        "added": "2018-05-16",
        "categories": [
          "7-Zip",
          "Remote Execution"
        ],
        "cves": [
          "CVE-2016-2334"
        ],
        "cvss": {
          "v2": {
            "accessComplexity": "M",
            "accessVector": "N",
            "authentication": "N",
            "availabilityImpact": "C",
            "confidentialityImpact": "C",
            "exploitScore": 8.5888,
            "impactScore": 10.0008,
            "integrityImpact": "C",
            "score": 9.3,
            "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"
          },
          "v3": {
            "attackComplexity": "L",
            "attackVector": "L",
            "availabilityImpact": "H",
            "confidentialityImpact": "H",
            "exploitScore": 1.8346,
            "impactScore": 5.8731,
            "integrityImpact": "H",
            "privilegeRequired": "N",
            "scope": "U",
            "score": 7.8,
            "userInteraction": "R",
            "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
          }
        },
        "denialOfService": false,
        "description": {
          "html": "<p>Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image.</p>",
          "text": "Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image."
        },
        "exploits": 0,
        "id": "7-zip-cve-2016-2334",
        "malwareKits": 0,
        "modified": "2018-06-08",
        "pci": {
          "adjustedCVSSScore": 9,
          "adjustedSeverityScore": 5,
          "fail": true,
          "status": "Fail"
        },
        "published": "2016-12-13",
        "riskScore": 717.53,
        "severity": "Critical",
        "severityScore": 9,
        "title": "7-Zip: CVE-2016-2334: Heap-based buffer overflow vulnerability"
      },
      {
        "added": "2018-05-16",
        "categories": [
          "7-Zip",
          "Trojan"
        ],
        "cves": [
          "CVE-2016-7804"
        ],
        "cvss": {
          "v2": {
            "accessComplexity": "M",
            "accessVector": "N",
            "authentication": "N",
            "availabilityImpact": "P",
            "confidentialityImpact": "P",
            "exploitScore": 8.5888,
            "impactScore": 6.443,
            "integrityImpact": "P",
            "score": 6.8,
            "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"
          },
          "v3": {
            "attackComplexity": "L",
            "attackVector": "L",
            "availabilityImpact": "H",
            "confidentialityImpact": "H",
            "exploitScore": 1.8346,
            "impactScore": 5.8731,
            "integrityImpact": "H",
            "privilegeRequired": "N",
            "scope": "U",
            "score": 7.8,
            "userInteraction": "R",
            "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
          }
        },
        "denialOfService": false,
        "description": {
          "html": "<p>Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.</p>",
          "text": "Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory."
        },
        "exploits": 0,
        "id": "7-zip-cve-2016-7804",
        "malwareKits": 0,
        "modified": "2018-06-08",
        "pci": {
          "adjustedCVSSScore": 6,
          "adjustedSeverityScore": 4,
          "fail": true,
          "specialNotes": "The presence of malware, including rootkits, backdoors, or trojan horse programs are a violation of PCI DSS, and result in an automatic failure. ",
          "status": "Fail"
        },
        "published": "2017-05-22",
        "riskScore": 578.88,
        "severity": "Severe",
        "severityScore": 7,
        "title": "7-Zip: CVE-2016-7804: Untrusted search path vulnerability"
      }
    ]
  }
}

Human Readable Output#

Nexpose Vulnerabilities#

| Title | MalwareKits | Exploits | CVSS | CVSSv3 | Risk | PublishedOn | ModifiedOn | Severity |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 7-Zip: CVE-2008-6536: Unspecified vulnerability in 7-zip before 4.5.7 | 0 | 0 | 10.0 |  | 898.63 | 2009-03-29 | 2018-06-08 | Critical |
| 7-Zip: CVE-2016-2334: Heap-based buffer overflow vulnerability | 0 | 0 | 9.3 | 7.8 | 717.53 | 2016-12-13 | 2018-06-08 | Critical |
| 7-Zip: CVE-2016-7804: Untrusted search path vulnerability | 0 | 0 | 6.8 | 7.8 | 578.88 | 2017-05-22 | 2018-06-08 | Severe |
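The first entry above has no `cvss.v3` block, and for CVE-2016-2334 the v2 and v3 vectors disagree on the attack vector. The following is an added example, not part of the integration, of how a downstream automation might rank `Nexpose.Vulnerability` entries while handling both cases; the function names are hypothetical and the sample is a trimmed copy of the Context Example.

```python
# Constructed sample: the three Context Example entries, trimmed to the fields used here.
SAMPLE = [
    {"id": "7-zip-cve-2008-6536", "riskScore": 898.63, "exploits": 0, "malwareKits": 0,
     "pci": {"fail": True},
     "cvss": {"v2": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}},
    {"id": "7-zip-cve-2016-2334", "riskScore": 717.53, "exploits": 0, "malwareKits": 0,
     "pci": {"fail": True},
     "cvss": {"v2": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"},
              "v3": {"score": 7.8,
                     "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}},
    {"id": "7-zip-cve-2016-7804", "riskScore": 578.88, "exploits": 0, "malwareKits": 0,
     "pci": {"fail": True},
     "cvss": {"v2": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"},
              "v3": {"score": 7.8,
                     "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}}},
]


def parse_vector(vector):
    """Split a CVSS v2 or v3 vector string into a {metric: value} dict."""
    metrics = {}
    for part in (vector or "").split("/"):
        name, sep, value = part.partition(":")
        if sep and name != "CVSS":  # skip the "CVSS:3.0" version prefix
            metrics[name] = value
    return metrics


def summarize(vuln):
    """Reduce one context entry to the fields a triage queue needs."""
    cvss = vuln.get("cvss") or {}
    # Prefer v3 when present; older entries carry only v2.
    version = "v3" if cvss.get("v3") else "v2" if cvss.get("v2") else None
    block = cvss.get(version) or {} if version else {}
    metrics = parse_vector(block.get("vector"))
    v2_av = parse_vector((cvss.get("v2") or {}).get("vector")).get("AV")
    return {
        "id": vuln.get("id"),
        "cvss_version": version,
        "cvss_score": block.get("score"),
        "network": metrics.get("AV") == "N",
        # v2 vectors have no UI metric, so this stays False for v2-only entries.
        "needs_user": metrics.get("UI") == "R",
        # True when v3 re-rated the attack vector relative to v2.
        "av_changed": version == "v3" and v2_av is not None
                      and v2_av != metrics.get("AV"),
        "weaponized": (vuln.get("exploits") or 0) + (vuln.get("malwareKits") or 0) > 0,
        "pci_fail": bool((vuln.get("pci") or {}).get("fail")),
        "risk": vuln.get("riskScore") or 0.0,
    }


def triage(vulns):
    """Order entries: known exploits or malware kits first, then entries
    reachable over the network without user interaction, then riskScore."""
    rows = [summarize(v) for v in vulns]
    return sorted(
        rows,
        key=lambda r: (r["weaponized"], r["network"] and not r["needs_user"], r["risk"]),
        reverse=True,
    )


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
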

nexpose-list-scan-schedule#


Note: This command could not be tested on our side and may therefore have issues. Please let us know if you encounter any bugs or issues.

Retrieve information about scan schedules for a specific site or a specific scan schedule.

Base Command#

nexpose-list-scan-schedule

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| schedule_id | ID of the scheduled scan (optional, will return a single specific scan if used). | Optional |
| limit | The number of records to limit the response to. Default is 10. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.ScanSchedule.assets.excludedAssetGroups.assetGroupIDs | array | List of asset group identifiers that will be excluded from scans. |
| Nexpose.ScanSchedule.assets.excludedTargets.addresses | array | List of addresses that will be excluded from scans. |
| Nexpose.ScanSchedule.assets.includedAssetGroups.assetGroupIDs | array | List of asset group identifiers that will be included in scans. |
| Nexpose.ScanSchedule.assets.includedTargets.addresses | array | List of addresses that will be included in scans. |
| Nexpose.ScanSchedule.duration | string | Specifies in ISO 8601 duration format the maximum duration the scheduled scan is allowed to run. |
| Nexpose.ScanSchedule.enabled | string | Flag indicating whether the scan schedule is enabled. |
| Nexpose.ScanSchedule.id | int | The identifier of the scan schedule. |
| Nexpose.ScanSchedule.nextRuntimes | array | List the next 10 dates when the schedule will launch. |
| Nexpose.ScanSchedule.onScanRepeat | string | Specifies the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching its maximum duration. |
| Nexpose.ScanSchedule.repeat.dayOfWeek | unknown | Specifies the desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching its maximum duration. |
| Nexpose.ScanSchedule.repeat.every | unknown | The frequency in which the schedule repeats. Each value represents a different unit of time and is used in conjunction with the property interval. |
| Nexpose.ScanSchedule.repeat.interval | unknown | The interval time the schedule should repeat. This depends on the value set in every. |
| Nexpose.ScanSchedule.repeat.weekOfMonth | unknown | This property only applies to schedules with an every value of "day-of-month". The week of the month the scheduled task should repeat. |
| Nexpose.ScanSchedule.repeat.scanEngineId | unknown | The identifier of the scan engine to be used for this scan schedule. If not set, the site's assigned scan engine will be used. |
| Nexpose.ScanSchedule.repeat.scanName | unknown | A user-defined name for the scan launched by the schedule. |
| Nexpose.ScanSchedule.repeat.scanTemplateId | unknown | The identifier of the scan template to be used for this scan schedule. If not set, the site's assigned scan template will be used. |
| Nexpose.ScanSchedule.repeat.start | unknown | The scheduled start date and time. Repeating schedules will determine the next schedule to begin based on this date and time. |

nexpose-list-shared-credential#


Retrieve information about all or a specific shared credential.

Base Command#

nexpose-list-shared-credential

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of a specific shared credential to retrieve. | Optional |
| limit | The number of records to limit the response to. Default is 10. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.SharedCredential.account.authenticationType | string | SNMPv3 authentication type for the credential. |
| Nexpose.SharedCredential.account.communityName | string | SNMP community for authentication. |
| Nexpose.SharedCredential.account.database | string | Database name. |
| Nexpose.SharedCredential.account.domain | string | Domain address. |
| Nexpose.SharedCredential.account.enumerateSids | boolean | Whether the scan engine should attempt to enumerate SIDs from the environment. |
| Nexpose.SharedCredential.account.notesIDPassword | string | Password for the notes account that will be used for authenticating. |
| Nexpose.SharedCredential.account.ntlmHash | string | NTLM password hash. |
| Nexpose.SharedCredential.account.oracleListenerPassword | string | The Oracle Net Listener password. Used to enumerate SIDs from the environment. |
| Nexpose.SharedCredential.account.password | string | Password for the credential. |
| Nexpose.SharedCredential.account.pemKey | string | PEM formatted private key. |
| Nexpose.SharedCredential.account.permissionElevation | string | Elevation type to use for scans. |
| Nexpose.SharedCredential.account.permissionElevationPassword | string | Password to use for elevation. |
| Nexpose.SharedCredential.account.permissionElevationUserName | string | Username to use for elevation. |
| Nexpose.SharedCredential.account.privacyPassword | string | SNMPv3 privacy password to use. |
| Nexpose.SharedCredential.account.privacyType | string | SNMPv3 privacy protocol to use. |
| Nexpose.SharedCredential.account.privateKeyPassword | string | Password for the private key. |
| Nexpose.SharedCredential.account.realm | string | HTTP realm. |
| Nexpose.SharedCredential.account.service | string | Credential service type. |
| Nexpose.SharedCredential.account.sid | string | Oracle database name. |
| Nexpose.SharedCredential.account.useWindowsAuthentication | boolean | Whether to use Windows authentication. |
| Nexpose.SharedCredential.account.username | string | Username for the credential. |
| Nexpose.SharedCredential.description | string | Description for the credential. |
| Nexpose.SharedCredential.hostRestriction | string | Hostname or IP address to restrict the credentials to. |
| Nexpose.SharedCredential.id | number | ID of the shared credential. |
| Nexpose.SharedCredential.name | string | Name of the credential. |
| Nexpose.SharedCredential.portRestriction | number | Further restricts the credential to attempt to authenticate on a specific port. Can be used only if `hostRestriction` is used. |
| Nexpose.SharedCredential.siteAssignment | string | Site assignment configuration for the credential. |
| Nexpose.SharedCredential.sites | array | List of site IDs for the shared credential that are explicitly assigned access to the shared scan credential, allowing it to use the credential during a scan. |

Command example#

!nexpose-list-shared-credential limit=3

Context Example#

{
  "Nexpose": {
    "SharedCredential": [
      {
        "account": {
          "authenticationType": "md5",
          "privacyType": "no-privacy",
          "service": "snmpv3",
          "username": "test"
        },
        "id": 1,
        "name": "shared credentials",
        "siteAssignment": "specific-sites",
        "sites": [
          1
        ]
      },
      {
        "account": {
          "service": "as400",
          "username": "test"
        },
        "id": 2,
        "name": "shared credentials",
        "siteAssignment": "specific-sites",
        "sites": [
          1
        ]
      },
      {
        "account": {
          "permissionElevation": "sudosu",
          "permissionElevationUsername": "test",
          "service": "ssh",
          "username": "test"
        },
        "id": 3,
        "name": "shared credentials",
        "siteAssignment": "specific-sites",
        "sites": [
          1
        ]
      }
    ]
  }
}

Human Readable Output#

Nexpose Shared Credentials#

| Id | Name | Service | UserName |
| --- | --- | --- | --- |
| 1 | shared credentials | snmpv3 | test |
| 2 | shared credentials | as400 | test |
| 3 | shared credentials | ssh | test |
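The `Nexpose.SharedCredential` context can carry secret values (password, ntlmHash, pemKey and the other password fields listed above) alongside settings worth reviewing, such as the `md5` / `no-privacy` SNMPv3 credential in the example. The following is an added example, not part of the integration, that redacts the secret fields before the data is logged and flags weak settings; the function names, the finding texts and the lowercase forms of `telnet`, `pop`, `snmp`, `des` and `no-authentication` are assumptions modelled on the lowercase values shown in the Context Example.

```python
import copy

# Secret-bearing keys under "account", taken from the Context Output paths above.
SECRET_FIELDS = frozenset({
    "password", "ntlmHash", "pemKey", "notesIDPassword",
    "oracleListenerPassword", "permissionElevationPassword",
    "privacyPassword", "privateKeyPassword", "communityName",
})
WEAK_SNMPV3_AUTH = {"no-authentication", "md5"}
WEAK_SNMPV3_PRIVACY = {"no-privacy", "des"}
# Services whose protocol sends the login in cleartext (lowercase form assumed).
CLEARTEXT_SERVICES = {"ftp", "telnet", "pop", "snmp"}
ELEVATED = {"sudo", "sudosu", "su", "pbrun", "privileged-exec"}

# Constructed sample: the three Context Example credentials plus one constructed
# entry (id 4) that carries a secret and a host restriction.
SAMPLE = [
    {"id": 1, "name": "shared credentials", "siteAssignment": "specific-sites",
     "sites": [1],
     "account": {"authenticationType": "md5", "privacyType": "no-privacy",
                 "service": "snmpv3", "username": "test"}},
    {"id": 2, "name": "shared credentials", "siteAssignment": "specific-sites",
     "sites": [1], "account": {"service": "as400", "username": "test"}},
    {"id": 3, "name": "shared credentials", "siteAssignment": "specific-sites",
     "sites": [1],
     "account": {"permissionElevation": "sudosu",
                 "permissionElevationUsername": "test",
                 "service": "ssh", "username": "test"}},
    {"id": 4, "name": "constructed", "hostRestriction": "192.0.2.10",
     "account": {"permissionElevation": "sudo", "service": "ssh",
                 "username": "scan", "password": "constructed-secret"}},
]


def redact(credential):
    """Return a deep copy that is safe to log: secret values become a marker."""
    safe = copy.deepcopy(credential)
    account = safe.get("account") or {}
    for key in account:
        if key in SECRET_FIELDS and account[key]:
            account[key] = "<redacted>"
    return safe


def audit(credential):
    """Return a list of findings for one credential (empty list if none)."""
    account = credential.get("account") or {}
    service = str(account.get("service") or "").lower()
    findings = []
    if service == "snmpv3":
        auth = str(account.get("authenticationType") or "").lower()
        privacy = str(account.get("privacyType") or "").lower()
        if auth in WEAK_SNMPV3_AUTH:
            findings.append(f"snmpv3 authentication is {auth}")
        if privacy in WEAK_SNMPV3_PRIVACY:
            findings.append(f"snmpv3 privacy is {privacy}")
    if service in CLEARTEXT_SERVICES:
        findings.append(f"{service} sends the credential in cleartext")
    elevation = str(account.get("permissionElevation") or "none").lower()
    # An elevating credential with no hostRestriction is offered to every
    # host in its assigned sites.
    if elevation in ELEVATED and not credential.get("hostRestriction"):
        findings.append(f"{elevation} elevation with no hostRestriction")
    return findings


def audit_all(credentials):
    """Map credential id -> findings, keeping only credentials with findings."""
    report = {}
    for cred in credentials:
        findings = audit(cred)
        if findings:
            report[cred.get("id")] = findings
    return report


if __name__ == "__main__":
    for cred in SAMPLE:
        print(redact(cred), audit(cred))
```
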

nexpose-list-site-scan-credential#


Note: This command could not be tested on our side and may therefore have issues. Please let us know if you encounter any bugs or issues.

Retrieve information about all or a specific scan credential.

Base Command#

nexpose-list-site-scan-credential

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| credential_id | ID of a specific scan credential to retrieve. | Optional |
| limit | The number of records to limit the response to. Default is 10. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.SiteScanCredential.account.authenticationType | string | SNMPv3 authentication type for the credential. |
| Nexpose.SiteScanCredential.account.communityName | string | SNMP community for authentication. |
| Nexpose.SiteScanCredential.account.database | string | Database name. |
| Nexpose.SiteScanCredential.account.domain | string | Domain address. |
| Nexpose.SiteScanCredential.account.enumerateSids | boolean | Whether the scan engine should attempt to enumerate SIDs from the environment. |
| Nexpose.SiteScanCredential.account.notesIDPassword | string | Password for the notes account that will be used for authenticating. |
| Nexpose.SiteScanCredential.account.ntlmHash | string | NTLM password hash. |
| Nexpose.SiteScanCredential.account.oracleListenerPassword | string | The Oracle Net Listener password. Used to enumerate SIDs from the environment. |
| Nexpose.SiteScanCredential.account.password | string | Password for the credential. |
| Nexpose.SiteScanCredential.account.pemKey | string | PEM formatted private key. |
| Nexpose.SiteScanCredential.account.permissionElevation | string | Elevation type to use for scans. |
| Nexpose.SiteScanCredential.account.permissionElevationPassword | string | Password to use for elevation. |
| Nexpose.SiteScanCredential.account.permissionElevationUserName | string | Username to use for elevation. |
| Nexpose.SiteScanCredential.account.privacyPassword | string | SNMPv3 privacy password to use. |
| Nexpose.SiteScanCredential.account.privacyType | string | SNMPv3 privacy protocol to use. |
| Nexpose.SiteScanCredential.account.privateKeyPassword | string | Password for the private key. |
| Nexpose.SiteScanCredential.account.realm | string | HTTP realm. |
| Nexpose.SiteScanCredential.account.service | string | Credential service type. |
| Nexpose.SiteScanCredential.account.sid | string | Oracle database name. |
| Nexpose.SiteScanCredential.account.useWindowsAuthentication | boolean | Whether to use Windows authentication. |
| Nexpose.SiteScanCredential.account.username | string | Username for the credential. |
| Nexpose.SiteScanCredential.description | string | Description for the credential. |
| Nexpose.SiteScanCredential.hostRestriction | string | Hostname or IP address to restrict the credentials to. |
| Nexpose.SiteScanCredential.id | number | ID of the credential. |
| Nexpose.SiteScanCredential.name | string | Name of the credential. |
| Nexpose.SiteScanCredential.portRestriction | number | Further restricts the credential to attempt to authenticate on a specific port. Can be used only if `hostRestriction` is used. |
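The shared-credential and site-scan-credential contexts share the same `account` fields, so one pass can review both for weak protocol settings, over-broad assignment, and secrets that landed in the incident context. The audit below is an added example, not code from the integration or from Rapid7; the weak/cleartext lists are this example's policy assumptions, and entries 90 and 91 are constructed sample data.

```python
# Secret-bearing account fields, from the nexpose-list-site-scan-credential Context Output table.
SECRET_FIELDS = {
    "notesIDPassword", "ntlmHash", "oracleListenerPassword", "password", "pemKey",
    "permissionElevationPassword", "privacyPassword", "privateKeyPassword",
}
# Policy of this example (assumptions, not Rapid7 guidance).
WEAK_SNMPV3_AUTH = {"no-authentication", "md5"}
WEAK_SNMPV3_PRIVACY = {"no-privacy", "des"}
CLEARTEXT_SERVICES = {"telnet", "ftp", "pop", "snmp"}  # protocols without transport encryption

# Ids 1 and 3 are copied from the Context Example above; ids 90 and 91 are constructed.
CONTEXT = {
    "Nexpose": {
        "SharedCredential": [
            {"id": 1, "name": "shared credentials", "siteAssignment": "specific-sites",
             "sites": [1],
             "account": {"service": "snmpv3", "username": "test",
                         "authenticationType": "md5", "privacyType": "no-privacy"}},
            {"id": 3, "name": "shared credentials", "siteAssignment": "specific-sites",
             "sites": [1],
             "account": {"service": "ssh", "username": "test",
                         "permissionElevation": "sudosu",
                         "permissionElevationUsername": "test"}},
            {"id": 90, "name": "constructed telnet", "siteAssignment": "all-sites",
             "account": {"service": "telnet", "username": "svc-scan"}},
        ],
        "SiteScanCredential": [
            {"id": 91, "name": "constructed ssh",
             "account": {"service": "ssh", "username": "svc-scan",
                         "password": "constructed-not-a-real-secret"}},
        ],
    }
}


def audit_credentials(context):
    """Return {(kind, id): [issue, ...]} for each credential with at least one issue."""
    findings = {}
    nexpose = context.get("Nexpose", {})
    for kind in ("SharedCredential", "SiteScanCredential"):
        entries = nexpose.get(kind) or []
        if isinstance(entries, dict):  # tolerate a single object as well as a list
            entries = [entries]
        for cred in entries:
            account = cred.get("account") or {}
            # Context values are lowercase ("md5"); command arguments are not ("MD5").
            service = str(account.get("service", "")).lower()
            issues = []
            if service == "snmpv3":
                auth = str(account.get("authenticationType", "")).lower()
                privacy = str(account.get("privacyType", "")).lower()
                if auth in WEAK_SNMPV3_AUTH:
                    issues.append(f"SNMPv3 authentication is {auth}")
                if privacy in WEAK_SNMPV3_PRIVACY:
                    issues.append(f"SNMPv3 privacy is {privacy}")
            if service in CLEARTEXT_SERVICES:
                issues.append(f"{service} sends the credential unencrypted")
            if str(cred.get("siteAssignment", "")).lower() == "all-sites":
                issues.append("available to all sites")
            # Report field names only, never the values.
            exposed = sorted(SECRET_FIELDS.intersection(account))
            if exposed:
                issues.append("secret fields present in context: " + ", ".join(exposed))
            if issues:
                findings[(kind, cred.get("id"))] = issues
    return findings


if __name__ == "__main__":
    for (kind, cred_id), issues in audit_credentials(CONTEXT).items():
        print(f"{kind} {cred_id}: " + "; ".join(issues))
```
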

nexpose-list-vulnerability-exceptions#


Retrieve information about all or a specific vulnerability exception.

Base Command#

nexpose-list-vulnerability-exceptions

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of the vulnerability exception to retrieve. If not set, retrieve all vulnerability exceptions. | Optional |
| page_size | Number of records to retrieve in each API call when pagination is used. | Optional |
| page | A specific page to retrieve when pagination is used. Page indexing starts at 0. | Optional |
| sort | Criteria to sort the records by, in the format: property[,ASC\|DESC]. If not specified, default sort order is ascending. Multiple sort criteria can be specified, separated by a ";". For example: "riskScore,DESC;hostName,ASC". Default is submit.date,ASC. | Optional |
| limit | A number of records to limit the response to. Default is 10. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.VulnerabilityException.expires | string | The date and time the vulnerability exception is set to expire. |
| Nexpose.VulnerabilityException.id | int | The identifier of the vulnerability exception. |
| Nexpose.VulnerabilityException.scope.id | int | The identifier of the vulnerability to which the exception applies. |
| Nexpose.VulnerabilityException.scope.key | string | If the scope type is "Instance", an optional key to discriminate the instance the exception applies to. |
| Nexpose.VulnerabilityException.scope.port | int | If the scope type is "Instance" and the vulnerability is detected on a service, the port on which the exception applies. |
| Nexpose.VulnerabilityException.scope.type | string | The type of the exception scope. One of: "Global", "Site", "Asset", "Asset Group", "Instance". |
| Nexpose.VulnerabilityException.scope.vulnerability | string | The identifier of the vulnerability to which the exception applies. |
| Nexpose.VulnerabilityException.state | string | The state of the vulnerability exception. One of: "Deleted", "Expired", "Approved", "Rejected", "Under Review". |
| Nexpose.VulnerabilityException.submit.comment | string | A comment from the submitter as to why the exception was submitted. |
| Nexpose.VulnerabilityException.submit.date | string | The date and time the vulnerability exception was submitted. |
| Nexpose.VulnerabilityException.submit.name | string | The login name of the user who submitted the vulnerability exception. |
| Nexpose.VulnerabilityException.submit.reason | string | The reason the vulnerability exception was submitted. One of: "False Positive", "Compensating Control", "Acceptable Use", "Acceptable Risk", "Other". |
| Nexpose.VulnerabilityException.submit.user | int | The identifier of the user who submitted the vulnerability exception. |

Command example#

!nexpose-list-vulnerability-exceptions sort="submit.date,ASC" limit=3

Context Example#

{
    "Nexpose": {
        "VulnerabilityException": [
            {
                "expires": "2028-03-01T04:31:56Z",
                "id": 1,
                "review": {
                    "comment": "Auto approved by submitter.",
                    "date": "2022-10-31T14:39:15.736Z",
                    "name": "admin",
                    "user": 1
                },
                "scope": {
                    "type": "global",
                    "vulnerability": "tlsv1_0-enabled"
                },
                "state": "approved",
                "submit": {
                    "date": "2022-06-29T16:10:06.616880Z",
                    "name": "admin",
                    "reason": "false positive",
                    "user": 1
                }
            },
            {
                "id": 2,
                "review": {
                    "date": "2022-10-30T13:54:31.084Z",
                    "name": "admin",
                    "user": 1
                },
                "scope": {
                    "type": "global",
                    "vulnerability": "php-cve-2018-10545"
                },
                "state": "rejected",
                "submit": {
                    "date": "2022-07-13T13:27:31.647402Z",
                    "name": "admin",
                    "reason": "acceptable use",
                    "user": 1
                }
            },
            {
                "id": 3,
                "scope": {
                    "type": "global",
                    "vulnerability": "cifs-smb-signing-disabled"
                },
                "state": "under review",
                "submit": {
                    "date": "2022-10-27T11:40:34.109268Z",
                    "name": "admin",
                    "reason": "acceptable use",
                    "user": 1
                }
            }
        ]
    }
}

Human Readable Output#

Nexpose Vulnerability Exceptions#

| Id | Vulnerability | ExceptionScope | Reason | ReportedBy | ReviewStatus | ReviewedOn | ExpiresOn |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | tlsv1_0-enabled | global | false positive | admin | approved | 2022-10-31T14:39:15.736Z | 2028-03-01T04:31:56Z |
| 2 | php-cve-2018-10545 | global | acceptable use | admin | rejected | 2022-10-30T13:54:31.084Z | |
| 3 | cifs-smb-signing-disabled | global | acceptable use | admin | under review | | |
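Exceptions suppress findings, so the context returned by this command is worth reviewing for exceptions that are long-lived, broad, self-reviewed, or stuck in review. The following audit is an added example, not part of the integration; the thresholds and rule set are assumptions of the example, and the sample data is a trimmed copy of the Context Example above.

```python
from datetime import datetime, timedelta

# Trimmed copy of the Context Example above (names and review comments omitted).
CONTEXT = {
    "Nexpose": {
        "VulnerabilityException": [
            {"id": 1, "state": "approved", "expires": "2028-03-01T04:31:56Z",
             "scope": {"type": "global", "vulnerability": "tlsv1_0-enabled"},
             "submit": {"date": "2022-06-29T16:10:06.616880Z", "user": 1},
             "review": {"date": "2022-10-31T14:39:15.736Z", "user": 1}},
            {"id": 2, "state": "rejected",
             "scope": {"type": "global", "vulnerability": "php-cve-2018-10545"},
             "submit": {"date": "2022-07-13T13:27:31.647402Z", "user": 1},
             "review": {"date": "2022-10-30T13:54:31.084Z", "user": 1}},
            {"id": 3, "state": "under review",
             "scope": {"type": "global", "vulnerability": "cifs-smb-signing-disabled"},
             "submit": {"date": "2022-10-27T11:40:34.109268Z", "user": 1}},
        ]
    }
}


def parse_ts(value):
    """Parse the UTC ISO 8601 timestamps used in the context into aware datetimes."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_exceptions(context, now, max_lifetime_days=365, max_pending_days=30):
    """Return one finding per exception that breaks a rule of this example's policy."""
    findings = []
    for exc in context.get("Nexpose", {}).get("VulnerabilityException", []):
        # The context uses lowercase values ("approved"); normalise before comparing.
        state = str(exc.get("state", "")).lower()
        scope = exc.get("scope") or {}
        submit = exc.get("submit") or {}
        review = exc.get("review") or {}
        issues = []
        if state == "approved":
            expires = exc.get("expires")
            if expires is None:
                issues.append("approved with no expiration date")
            elif parse_ts(expires) - now > timedelta(days=max_lifetime_days):
                issues.append(f"expires more than {max_lifetime_days} days from now")
            if str(scope.get("type", "")).lower() == "global":
                issues.append("global scope")
            # Same user id on both sides means no independent review took place.
            if review.get("user") is not None and review.get("user") == submit.get("user"):
                issues.append("reviewed by its submitter")
        elif state == "under review":
            submitted = submit.get("date")
            if submitted and now - parse_ts(submitted) > timedelta(days=max_pending_days):
                issues.append(f"under review for more than {max_pending_days} days")
        if issues:
            findings.append({"id": exc.get("id"),
                             "vulnerability": scope.get("vulnerability"),
                             "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_exceptions(CONTEXT, parse_ts("2022-11-30T00:00:00Z")):
        print(finding["id"], finding["vulnerability"], "; ".join(finding["issues"]))
```
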

nexpose-start-site-scan#


Starts a scan for the specified site.

Base Command#

nexpose-start-site-scan

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site). | Optional |
| hosts | Hosts that should be included as a part of the scan. Can be an IP address or a hostname. Can be a comma-separated list. | Optional |
| name | Scan name. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Scan.Id | number | The identifier of the scan. |
| Nexpose.Scan.ScanType | string | The scan type (automated, manual, scheduled). |
| Nexpose.Scan.StartedBy | date | The name of the user who started the scan. |
| Nexpose.Scan.Assets | number | The number of assets found in the scan. |
| Nexpose.Scan.TotalTime | string | The duration of the scan in minutes. |
| Nexpose.Scan.Completed | date | The end time of the scan in ISO8601 format. |
| Nexpose.Scan.Status | string | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating. |
| Nexpose.Scan.Vulnerabilities.Critical | number | The number of critical vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Moderate | number | The number of moderate vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Severe | number | The number of severe vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Total | number | The total number of vulnerabilities. |

nexpose-start-assets-scan#


Starts a scan for specified asset IP addresses and host names.

Base Command#

nexpose-start-assets-scan

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| IPs | IP addresses of assets to scan. Can be a comma-separated list. | Optional |
| hostNames | Hostnames of assets to scan. Can be a comma-separated list. | Optional |
| name | Scan name. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Scan.Id | number | The identifier of the scan. |
| Nexpose.Scan.ScanType | string | The scan type (automated, manual, scheduled). |
| Nexpose.Scan.StartedBy | date | The name of the user who started the scan. |
| Nexpose.Scan.Assets | number | The number of assets found in the scan. |
| Nexpose.Scan.TotalTime | string | The duration of the scan in minutes. |
| Nexpose.Scan.Completed | date | The end time of the scan in ISO8601 format. |
| Nexpose.Scan.Status | string | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating. |
| Nexpose.Scan.Vulnerabilities.Critical | number | The number of critical vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Moderate | number | The number of moderate vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Severe | number | The number of severe vulnerabilities. |
| Nexpose.Scan.Vulnerabilities.Total | number | The total number of vulnerabilities. |

nexpose-stop-scan#


Stop a running scan.

Base Command#

nexpose-stop-scan

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of a running scan. | Required |

nexpose-pause-scan#


Pause a running scan.

Base Command#

nexpose-pause-scan

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of a running scan. | Required |

nexpose-resume-scan#


Resume a paused scan.

Base Command#

nexpose-resume-scan

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of a paused scan. | Required |

nexpose-get-scans#


Return a list of scans. Returns only active scans by default (active=true).

Base Command#

nexpose-get-scans

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| active | Whether to return only active scans. Possible values are: true, false. Default is true. | Optional |
| page_size | Number of records to retrieve in each API call when pagination is used. | Optional |
| page | A specific page to retrieve when pagination is used. Page indexing starts at 0. | Optional |
| limit | A number of records to limit the response to. Default is 10. | Optional |
| sort | Criteria to sort the records by, in the format: property[,ASC\|DESC]. If not specified, default sort order is ascending. Multiple sort criteria can be specified, separated by a ";". For example: "riskScore,DESC;hostName,ASC". | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Scan.Id | number | The identifier of the scan. |
| Nexpose.Scan.ScanType | string | The scan type (automated, manual, scheduled). |
| Nexpose.Scan.StartedBy | date | The name of the user who started the scan. |
| Nexpose.Scan.Assets | number | The number of assets found in the scan. |
| Nexpose.Scan.TotalTime | string | The duration of the scan in minutes. |
| Nexpose.Scan.Completed | date | The end time of the scan in ISO8601 format. |
| Nexpose.Scan.Status | string | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating. |

Command example#

!nexpose-get-scans active=false limit=3

Context Example#

{
    "Nexpose": {
        "Scan": [
            {
                "Assets": 0,
                "Completed": "2019-12-03T20:48:01.368Z",
                "Id": 1,
                "Message": null,
                "ScanName": "Tue 03 Dec 2019 10:47 PM",
                "ScanType": "Manual",
                "StartedBy": null,
                "Status": "finished",
                "TotalTime": "51.316 seconds"
            },
            {
                "Assets": 0,
                "Completed": "2019-12-03T20:53:09.453Z",
                "Id": 2,
                "Message": null,
                "ScanName": "Tue 03 Dec 2019 10:52 PM",
                "ScanType": "Manual",
                "StartedBy": null,
                "Status": "finished",
                "TotalTime": "29.91 seconds"
            },
            {
                "Assets": 0,
                "Completed": "2019-12-03T21:01:33.970Z",
                "Id": 3,
                "Message": null,
                "ScanName": "scan 2019-12-03 19:58:25.961787",
                "ScanType": "Manual",
                "StartedBy": null,
                "Status": "finished",
                "TotalTime": "28.904 seconds"
            }
        ]
    }
}

Human Readable Output#

Nexpose Scans#

| Id | ScanType | ScanName | Assets | TotalTime | Completed | Status |
| --- | --- | --- | --- | --- | --- | --- |
| 1 | Manual | Tue 03 Dec 2019 10:47 PM | 0 | 51.316 seconds | 2019-12-03T20:48:01.368Z | finished |
| 2 | Manual | Tue 03 Dec 2019 10:52 PM | 0 | 29.91 seconds | 2019-12-03T20:53:09.453Z | finished |
| 3 | Manual | scan 2019-12-03 19:58:25.961787 | 0 | 28.904 seconds | 2019-12-03T21:01:33.970Z | finished |

nexpose-disable-shared-credential#


Note: This command couldn't have been tested on our side, and therefore could have issues. Please let us know if you encounter any bugs or issues.

Disable an assigned shared credential.

Base Command#

nexpose-disable-shared-credential

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| credential_id | ID of the shared credential to disable. | Required |

nexpose-download-report#


Returns the generated report.

Base Command#

nexpose-download-report

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| report_id | ID of the report. | Required |
| instance_id | ID of the report instance. Supports a "latest" value. | Required |
| name | Report name. | Optional |
| format | Report format (uses PDF by default). Possible values are: pdf, rtf, xml, html, text, nexpose-simple-xml. Default is pdf. | Optional |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| InfoFile.EntryId | string | Entry ID of the report file. |
| InfoFile.Name | string | Name of the report file. |
| InfoFile.Extension | string | File extension of the report file. |
| InfoFile.Info | string | Information about the report file. |
| InfoFile.Size | number | Size of the report file (in bytes). |
| InfoFile.Type | string | Type of the report file. |

Command example#

!nexpose-download-report report_id=1 instance_id=latest

Context Example#

{
    "InfoFile": {
        "EntryID": "4127@403762e2-be4e-4f12-8a17-26cdb21b129e",
        "Extension": "pdf",
        "Info": "application/pdf",
        "Name": "report 2022-11-30 09:25:43.835638.pdf",
        "Size": 76699,
        "Type": "PDF document, version 1.4"
    }
}

nexpose-enable-shared-credential#


Note: This command couldn't have been tested on our side, and therefore could have issues. Please let us know if you encounter any bugs or issues.

Enable an assigned shared credential.

Base Command#

nexpose-enable-shared-credential

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| credential_id | ID of the shared credential to enable. | Required |

nexpose-get-report-status#


Returns the status of a report generation process.

Base Command#

nexpose-get-report-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| report_id | ID of the report. | Required |
| instance_id | ID of the report instance. Supports a "latest" value. | Required |

Context Output#

| Path | Type | Description |
| --- | --- | --- |
| Nexpose.Report.ID | string | The identifier of the report. |
| Nexpose.Report.InstanceID | string | The identifier of the report instance. |
| Nexpose.Report.Status | string | The status of the report generation process. Valid values: "aborted", "failed", "complete", "running", "unknown". |

Command example#

!nexpose-get-report-status report_id=1 instance_id=latest

Context Example#

{
    "Nexpose": {
        "Report": {
            "ID": "1",
            "InstanceID": "latest",
            "Status": "complete"
        }
    }
}

Human Readable Output#

Report Generation Status#

| ID | InstanceID | Status |
| --- | --- | --- |
| 1 | latest | complete |

nexpose-update-scan-schedule#


Note: This command couldn't have been tested on our side, and therefore could have issues. Please let us know if you encounter any bugs or issues.

Update an existing site scan schedule.

Base Command#

nexpose-update-scan-schedule

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| schedule_id | ID of the scan schedule to update. | Optional |
| enabled | A flag indicating whether the scheduled scan is enabled. Possible values are: True, False. Default is True. | Optional |
| on_scan_repeat | The desired behavior of a repeating scheduled scan when the previous scan was paused due to reaching its maximum duration. Possible values are: Restart-Scan, Resume-Scan. | Required |
| start | The scheduled start date and time formatted in ISO 8601 format. Repeating schedules will determine the next schedule to begin based on this date and time. | Required |
| excluded_asset_group_ids | A list of IDs for asset groups to exclude from the scan. | Optional |
| excluded_addresses | A list of addresses to exclude from the scan. | Optional |
| included_asset_group_ids | A list of IDs for asset groups to include in the scan. | Optional |
| included_addresses | A list of addresses to include in the scan. | Optional |
| duration_days | Maximum duration of the scan in days. | Optional |
| duration_hours | Maximum duration of the scan in hours. | Optional |
| duration_minutes | Maximum duration of the scan in minutes. | Optional |
| frequency | How frequently the schedule should repeat (Every...). Possible values are: Hour, Day, Week, Date-of-month. | Optional |
| interval_time | The interval time the schedule should repeat. This depends on the value set in frequency. For example, if the value of frequency is set to "Day" and interval is set to 2, then the schedule will repeat every 2 days. Required only if frequency is used. | Optional |
| date_of_month | Specifies the schedule repeat day of the interval month. For example, if date_of_month is 17 and interval is set to 2, then the schedule will repeat every 2 months on the 17th day of the month. Required and used only if frequency is set to Date-of-month. | Optional |
| scan_name | A unique user-defined name for the scan launched by the schedule. If not explicitly set in the schedule, the scan name will be generated prior to the scan launching. | Optional |
| scan_template | ID of the scan template to use. | Optional |

Context Output#

There is no context output for this command.

nexpose-update-site-scan-credential#


Note: This command couldn't have been tested on our side, and therefore could have issues. Please let us know if you encounter any bugs or issues.

Update an existing site scan credential. For a detailed explanation of all parameters of this command, see: https://help.rapid7.com/insightvm/en-us/api/index.html#operation/setSiteCredentials.

Base Command#

nexpose-update-site-scan-credential

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| site_id | ID of the site. | Optional |
| site_name | Name of the site (can be used instead of site_id). | Optional |
| credential_id | ID of the site scan credential to update. | Required |
| name | Name of the credential. | Required |
| service | Credential service type. Possible values are: AS400, CIFS, CIFSHash, CVS, DB2, FTP, HTTP, MS-SQL, MySQL, Notes, Oracle, POP, PostgresSQL, Remote-Exec, SNMP, SNMPv3, SSH, SSH-Key, Sybase, Telnet. | Required |
| database | Database name. | Optional |
| description | Description for the credential. | Optional |
| domain | Domain address. | Optional |
| host_restriction | Hostname or IP address to restrict the credentials to. | Optional |
| http_realm | HTTP realm. | Optional |
| notes_id_password | Password for the notes account that will be used for authenticating. | Optional |
| ntlm_hash | NTLM password hash. | Optional |
| oracle_enumerate_sids | Whether the scan engine should attempt to enumerate SIDs from the environment. Possible values are: true, false. | Optional |
| oracle_listener_password | Oracle Net Listener password. Used to enumerate SIDs from your environment. | Optional |
| oracle_sid | Oracle database name. | Optional |
| password | Password for the credential. | Optional |
| port_restriction | Further restricts the credential to attempt to authenticate on a specific port. Can be used only if host_restriction is used. | Optional |
| community_name | SNMP community for authentication. | Optional |
| authentication_type | SNMPv3 authentication type for the credential. Possible values are: No-Authentication, MD5, SHA. | Optional |
| privacy_password | SNMPv3 privacy password to use. | Optional |
| privacy_type | SNMPv3 Privacy protocol to use. Possible values are: No-Privacy, DES, AES-128, AES-192, AES-192-With-3-DES-Key-Extension, AES-256, AES-256-With-3-DES-Key-Extension. | Optional |
| ssh_key_pem | PEM formatted private key. | Optional |
| ssh_permission_elevation | Elevation type to use for scans. Possible values are: None, sudo, sudosu, su, pbrun, Privileged Exec. | Optional |
| ssh_permission_elevation_password | Password to use for elevation. | Optional |
| ssh_permission_elevation_username | Username to use for elevation. | Optional |
| ssh_private_key_password | Password for the private key. | Optional |
| use_windows_authentication | Whether to use Windows authentication. Possible values are: true, false. | Optional |
| username | Username for the credential. | Optional |

Context Output#

There is no context output for this command.

nexpose-update-vulnerability-exception-expiration#


Update an existing vulnerability exception.

Base Command#

nexpose-update-vulnerability-exception-expiration

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of the vulnerability exception to update. | Required |
| expiration | An expiration date for the vulnerability exception formatted in ISO 8601 format. Must be a date in the future. | Required |

Command example#

!nexpose-update-vulnerability-exception-expiration id=1 expiration=2024-10-10T10:00:00Z

Human Readable Output#

Successfully updated expiration date of vulnerability exception 1.

nexpose-update-vulnerability-exception-status#


Update an existing vulnerability exception.

Base Command#

nexpose-update-vulnerability-exception-status

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of the vulnerability exception to update. | Required |
| status | A status to update the vulnerability exception to. Possible values are: Recall, Approve, Reject. | Required |

Command example#

!nexpose-update-vulnerability-exception-status id=1 status=Approve

Human Readable Output#

Successfully updated status of vulnerability exception 1.

nexpose-update-shared-credential#


Update an existing shared credential.

Base Command#

nexpose-update-shared-credential

Input#

| Argument Name | Description | Required |
| --- | --- | --- |
| id | ID of the shared credential to update. | Required |
| name | Name of the credential. | Required |
| site_assignment | Site assignment configuration for the credential. Assign the shared scan credential either to be available to all sites, or a specific list of sites. Possible values are: All-Sites, Specific-Sites. | Required |
| service | Credential service type. Possible values are: AS400, CIFS, CIFSHash, CVS, DB2, FTP, HTTP, MS-SQL, MySQL, Notes, Oracle, POP, PostgresSQL, Remote-Exec, SNMP, SNMPv3, SSH, SSH-Key, Sybase, Telnet. | Required |
| database | Database name. | Optional |
| description | Description for the credential. | Optional |
| domain | Domain address. | Optional |
| host_restriction | Hostname or IP address to restrict the credentials to. | Optional |
| http_realm | HTTP realm. | Optional |
| notes_id_password | Password for the notes account that will be used for authenticating. | Optional |
| ntlm_hash | NTLM password hash. | Optional |
| oracle_enumerate_sids | Whether the scan engine should attempt to enumerate SIDs from the environment. Possible values are: true, false. | Optional |
| oracle_listener_password | Oracle Net Listener password. Used to enumerate SIDs from your environment. | Optional |
| oracle_sid | Oracle database name. | Optional |
| password | Password for the credential. | Optional |
| port_restriction | Further restricts the credential to attempt to authenticate on a specific port. Can be used only if host_restriction is used. | Optional |
| sites | List of site IDs for the shared credential that are explicitly assigned access to the shared scan credential, allowing it to use the credential during a scan. | Optional |
| community_name | SNMP community for authentication. | Optional |
| authentication_type | SNMPv3 authentication type for the credential. Possible values are: No-Authentication, MD5, SHA. | Optional |
| privacy_password | SNMPv3 privacy password to use. | Optional |
| privacy_type | SNMPv3 Privacy protocol to use. Possible values are: No-Privacy, DES, AES-128, AES-192, AES-192-With-3-DES-Key-Extension, AES-256, AES-256-With-3-DES-Key-Extension. | Optional |
| ssh_key_pem | PEM formatted private key. | Optional |
| ssh_permission_elevation | Elevation type to use for scans. Possible values are: None, sudo, sudosu, su, pbrun, Privileged-Exec. | Optional |
| ssh_permission_elevation_password | Password to use for elevation. | Optional |
| ssh_permission_elevation_username | Username to use for elevation. | Optional |
| ssh_private_key_password | Password for the private key. | Optional |
| use_windows_authentication | Whether to use Windows authentication. Possible values are: true, false. | Optional |
| username | Username for the credential. | Optional |

Context Output#

There is no context output for this command.