Rapid7 Nexpose
This Integration is part of the Rapid7 Nexpose Pack.
Rapid7's on-premise vulnerability management solution, Nexpose, helps you reduce your threat exposure by enabling you to assess and respond to changes in your environment in real time and prioritizing risk across vulnerabilities, configurations, and controls. This integration was integrated and tested with version 3 of Rapid7 Nexpose.

Configure Rapid7 Nexpose on Cortex XSOAR
To use Nexpose on XSOAR, you need user credentials for Nexpose. You can also use a two-factor authentication token.
Navigate to Settings > Integrations > Servers & Services.
Search for Rapid7 Nexpose.
Click Add instance to create and configure a new integration instance.
Parameter | Required |
---|---|
Server URL (e.g. https://192.168.0.1:8080) | True |
Username | True |
Trust any certificate (not secure) | False |
Use system proxy settings | False |
The 2FA token | False |
Click Test to validate the URLs, token, and connection.

Commands
You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
When using the sort parameter, you need to specify the fields to sort by exactly as they appear in the API, for example, riskScore. All the available fields for any type of response can be found in the API Documentation.
- Get a single asset: nexpose-get-asset
- Get all assets: nexpose-get-assets
- Get all assets that match the filters: nexpose-search-assets
- Get a specified scan: nexpose-get-scan
- Get an asset's details: nexpose-get-asset-vulnerability
- Create a site: nexpose-create-site
- Delete a site: nexpose-delete-site
- Retrieve sites: nexpose-get-sites
- Get report templates: nexpose-get-report-templates
- Create an assets report: nexpose-create-assets-report
- Create a sites report: nexpose-create-sites-report
- Create a scan report: nexpose-create-scan-report
- Start a site scan: nexpose-start-site-scan
- Start an assets scan: nexpose-start-assets-scan
- Stop a scan: nexpose-stop-scan
- Pause a scan: nexpose-pause-scan
- Resume a scan: nexpose-resume-scan
- Get a list of scans: nexpose-get-scans
- Get the status of a report generation process: nexpose-get-report-status
- Get the content of a generated report: nexpose-download-report

nexpose-get-asset
Returns the specified asset.

Base Command
nexpose-get-asset

Input
Argument Name | Description | Required |
---|---|---|
id | integer <int64> The identifier of the asset. | Required |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Asset.Addresses | unknown | All addresses discovered on the asset. |
Nexpose.Asset.AssetId | number | Id of the asset. |
Nexpose.Asset.Hardware | string | The primary Media Access Control (MAC) address of the asset. The format is six groups of two hexadecimal digits separated by colons. |
Nexpose.Asset.Aliases | unknown | All host names or aliases discovered on the asset. |
Nexpose.Asset.HostType | string | The type of asset. Valid values are unknown, guest, hypervisor, physical, mobile. |
Nexpose.Asset.Site | string | Asset site name. |
Nexpose.Asset.OperatingSystem | string | Operating system of the asset. |
Nexpose.Asset.Vulnerabilities | number | The total number of vulnerabilities on the asset. |
Nexpose.Asset.CPE | string | The Common Platform Enumeration (CPE) of the operating system. |
Nexpose.Asset.LastScanDate | date | Last scan date of the asset. |
Nexpose.Asset.LastScanId | number | Id of the asset's last scan. |
Nexpose.Asset.RiskScore | number | The risk score (with criticality adjustments) of the asset. |
Nexpose.Asset.Software.Software | string | The description of the software. |
Nexpose.Asset.Software.Version | string | The version of the software. |
Nexpose.Asset.Services.Name | string | The name of the service. |
Nexpose.Asset.Services.Port | number | The port of the service. |
Nexpose.Asset.Services.Product | string | The product running the service. |
Nexpose.Asset.Services.protocol | string | The protocol of the service, valid values are ip, icmp, igmp, ggp, tcp, pup, udp, idp, esp, nd, raw |
Nexpose.Asset.Users.FullName | string | The full name of the user account. |
Nexpose.Asset.Users.Name | string | The name of the user account. |
Nexpose.Asset.Users.UserId | number | The identifier of the user account. |
Nexpose.Asset.Vulnerability.Id | number | The identifier of the vulnerability. |
Nexpose.Asset.Vulnerability.Instances | number | The number of vulnerable occurrences of the vulnerability. This does not include invulnerable instances. |
Nexpose.Asset.Vulnerability.Title | string | The title (summary) of the vulnerability. |
Nexpose.Asset.Vulnerability.Malware | number | The malware kits that are known to be used to exploit the vulnerability. |
Nexpose.Asset.Vulnerability.Exploit | number | The exploits that can be used to exploit a vulnerability. |
Nexpose.Asset.Vulnerability.CVSS | string | The CVSS exploit score. |
Nexpose.Asset.Vulnerability.Risk | number | The risk score of the vulnerability, rounded to a maximum of two digits of precision. If using the default Rapid7 Real Risk™ model, this value ranges from 0-1000. |
Nexpose.Asset.Vulnerability.PublishedOn | date | The date the vulnerability was first published or announced. The format is an ISO 8601 date, YYYY-MM-DD. |
Nexpose.Asset.Vulnerability.ModifiedOn | date | The last date the vulnerability was modified. The format is an ISO 8601 date, YYYY-MM-DD. |
Nexpose.Asset.Vulnerability.Severity | string | The severity of the vulnerability, one of: "Moderate", "Severe", "Critical". |
Endpoint.IP | string | Endpoint IP address. |
Endpoint.HostName | string | Endpoint host name. |
Endpoint.OS | string | Endpoint operating system. |
CVE.ID | string | Common Vulnerabilities and Exposures ids |

Command Example
!nexpose-get-asset id=2

Context Example

Human Readable Output
Nexpose asset 2
AssetId | Addresses | Hardware | Site | OperatingSystem | LastScanDate | LastScanId | RiskScore |
---|---|---|---|---|---|---|---|
2 | 192.168.1.1 | 00:0C:29:9B:D2:3A | Test | Linux 3.10 | 2020-11-26T17:13:44.124Z | 761 | 1605.670654296875 |

Vulnerabilities
Id | Title | Malware | Exploit | CVSS | Risk | PublishedOn | ModifiedOn | Severity | Instances |
---|---|---|---|---|---|---|---|---|---|
generic-icmp-timestamp | ICMP timestamp response | 0 | 0 | 0.0 | 0.0 | 1997-08-01 | 2019-06-11 | Moderate | 1 |
generic-tcp-timestamp | TCP timestamp response | 0 | 0 | 0.0 | 0.0 | 1997-08-01 | 2018-03-21 | Moderate | 1 |
ssh-3des-ciphers | SSH Server Supports 3DES Cipher Suite | 0 | 0 | 0.0 | 0.0 | 2009-02-01 | 2020-03-31 | Moderate | 1 |
ssh-cbc-ciphers | SSH CBC vulnerability | 0 | 0 | 2.6 | 490.23 | 2013-02-08 | 2020-03-31 | Moderate | 1 |
ssh-cve-2015-4000 | SSH Server Supports diffie-hellman-group1-sha1 | 0 | 0 | 4.3 | 192.46 | 2015-05-20 | 2020-07-13 | Severe | 1 |
ssh-cve-2016-2183-sweet32 | SSH Birthday attacks on 64-bit block ciphers (SWEET32) | 0 | 1 | 5.0 | 531.96 | 2016-08-24 | 2020-04-01 | Severe | 1 |
ssh-weak-kex-algorithms | SSH Server Supports Weak Key Exchange Algorithms | 0 | 0 | 4.3 | 391.02 | 2017-07-13 | 2020-04-07 | Severe | 1 |

Services
Name | Port | Product | Protocol |
---|---|---|---|
SSH | 22 | OpenSSH | tcp |

nexpose-get-assets
Returns all assets for which you have access.

Base Command
nexpose-get-assets

Input
Argument Name | Description | Required |
---|---|---|
sort | Multiple criteria of <string> The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters separated by a ';'. For example: 'riskScore,DESC;hostName,ASC'. | Optional |
limit | integer <int32> The number of records to retrieve. | Optional |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Asset.AssetId | number | The identifier of the asset. |
Nexpose.Asset.Address | string | The primary IPv4 or IPv6 address of the asset. |
Nexpose.Asset.Name | string | The primary host name (local or FQDN) of the asset. |
Nexpose.Asset.Site | string | Asset site name. |
Nexpose.Asset.Exploits | number | The number of distinct exploits that can exploit any of the vulnerabilities on the asset. |
Nexpose.Asset.Malware | number | The number of distinct malware kits that vulnerabilities on the asset are susceptible to. |
Nexpose.Asset.OperatingSystem | string | Operating system of the asset. |
Nexpose.Asset.Vulnerabilities | number | The total number of vulnerabilities. |
Nexpose.Asset.RiskScore | number | The risk score (with criticality adjustments) of the asset. |
Nexpose.Asset.Assessed | boolean | Whether the asset has been assessed for vulnerabilities at least once. |
Nexpose.Asset.LastScanDate | date | Last scan date of the asset. |
Nexpose.Asset.LastScanId | number | Id of the asset's last scan. |
Endpoint.IP | string | Endpoint IP address. |
Endpoint.HostName | string | Endpoint host name. |
Endpoint.OS | string | Endpoint operating system. |

Command Example
!nexpose-get-assets

Context Example

Human Readable Output
Nexpose assets
AssetId | Address | Name | Site | Exploits | Malware | OperatingSystem | Vulnerabilities | RiskScore | Assessed | LastScanDate | LastScanId |
---|---|---|---|---|---|---|---|---|---|---|---|
2 | 192.168.1.1 | | Test | 1 | 0 | Linux 3.10 | 7 | 1605.670654296875 | true | 2020-11-26T17:13:44.124Z | 761 |
3 | 10.0.0.2 | | Test | 0 | 0 | | 0 | 0.0 | true | 2020-07-27T12:40:34.550Z | 402 |
4 | 8.8.8.8 | | | 0 | 0 | | 0 | 0.0 | false | 2020-07-29T11:11:57.552Z | - |

nexpose-search-assets
Returns all assets for which you have access that match the given search criteria.

Base Command
nexpose-search-assets

Input
Argument Name | Description | Required |
---|---|---|
query | Multiple criteria of <string> Filter to match assets, according to the Search Criteria API standard. Multiple filters can be provided using the ';' separator. For example: 'ip-address in range 1.2.3.4,1.2.3.8;host-name is myhost'. For more information regarding Search Criteria, refer to https://help.rapid7.com/insightvm/en-us/api/index.html#section/Overview/Responses. | Optional |
limit | integer <int32> The number of records to retrieve. | Optional |
sort | Multiple criteria of <string> The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters separated by a ';'. For example: 'riskScore,DESC;hostName,ASC'. | Optional |
ipAddressIs | <string> Search by a specific IP address. | Optional |
hostNameIs | <string> Search by a specific host name. | Optional |
riskScoreHigherThan | <float> Get all assets whose risk score is higher. | Optional |
vulnerabilityTitleContains | <string> Search by vulnerability title. | Optional |
siteIdIn | Multiple criteria of integer<int32> Search by site ids. | Optional |
match | <string> Operator to determine how to match filters. all requires that all filters match for an asset to be included. any requires only one filter to match for an asset to be included. Possible values are: all, any. Default is all. | Optional |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Asset.AssetId | number | The identifier of the asset. |
Nexpose.Asset.Address | string | The primary IPv4 or IPv6 address of the asset. |
Nexpose.Asset.Name | string | The primary host name (local or FQDN) of the asset. |
Nexpose.Asset.Site | string | Asset site name. |
Nexpose.Asset.Exploits | number | The number of distinct exploits that can exploit any of the vulnerabilities on the asset. |
Nexpose.Asset.Malware | number | The number of distinct malware kits that vulnerabilities on the asset are susceptible to. |
Nexpose.Asset.OperatingSystem | string | Operating system of the asset. |
Nexpose.Asset.Vulnerabilities | number | The total number of vulnerabilities. |
Nexpose.Asset.RiskScore | number | The risk score (with criticality adjustments) of the asset. |
Nexpose.Asset.Assessed | boolean | Whether the asset has been assessed for vulnerabilities at least once. |
Nexpose.Asset.LastScanDate | date | Last scan date of the asset. |
Nexpose.Asset.LastScanId | number | Id of the asset's last scan. |
Endpoint.IP | string | Endpoint IP address. |
Endpoint.HostName | string | Endpoint host name. |
Endpoint.OS | string | Endpoint operating system. |

Command Example
!nexpose-search-assets ipAddressIs=192.168.1.1

Context Example

Human Readable Output
Nexpose assets
AssetId | Address | Site | Exploits | Malware | OperatingSystem | RiskScore | Assessed | LastScanDate | LastScanId |
---|---|---|---|---|---|---|---|---|---|
2 | 192.168.1.1 | XSOAR Site | 1 | 0 | Linux 3.10 | 1605.670654296875 | true | 2020-11-26T17:13:44.124Z | 761 |

nexpose-get-scan
Returns the specified scan.

Base Command
nexpose-get-scan

Input
Argument Name | Description | Required |
---|---|---|
id | Multiple criteria of integer <int64> Identifiers of scans. | Required |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Scan.Id | number | The identifier of the scan. |
Nexpose.Scan.ScanType | string | The scan type (automated, manual, scheduled). |
Nexpose.Scan.StartedBy | string | The name of the user that started the scan. |
Nexpose.Scan.Assets | number | The number of assets found in the scan |
Nexpose.Scan.TotalTime | string | The duration of the scan in minutes. |
Nexpose.Scan.Status | string | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating |
Nexpose.Scan.Completed | date | The end time of the scan in ISO8601 format. |
Nexpose.Scan.Vulnerabilities.Critical | number | The number of critical vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Moderate | number | The number of moderate vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Severe | number | The number of severe vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Total | number | The total number of vulnerabilities. |

Command Example
!nexpose-get-scan id=15

Context Example

Human Readable Output

nexpose-get-asset-vulnerability
Returns the details and possible remediations for an asset's given vulnerability.

Base Command
nexpose-get-asset-vulnerability

Input
Argument Name | Description | Required |
---|---|---|
id | integer <int64> The identifier of the asset. | Required |
vulnerabilityId | <string> The identifier of the vulnerability. | Required |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Asset.AssetId | number | Identifier of the asset. |
Nexpose.Asset.Vulnerability.Id | number | The identifier of the vulnerability. |
Nexpose.Asset.Vulnerability.Title | string | The title (summary) of the vulnerability. |
Nexpose.Asset.Vulnerability.Severity | string | The severity of the vulnerability, one of: "Moderate", "Severe", "Critical". |
Nexpose.Asset.Vulnerability.RiskScore | number | The risk score of the vulnerability, rounded to a maximum of two digits of precision. If using the default Rapid7 Real Risk™ model, this value ranges from 0-1000. |
Nexpose.Asset.Vulnerability.CVSS | string | The CVSS vector(s) for the vulnerability. |
Nexpose.Asset.Vulnerability.CVSSV3 | string | The CVSS v3 vector. |
Nexpose.Asset.Vulnerability.Published | date | The date the vulnerability was first published or announced. The format is an ISO 8601 date, YYYY-MM-DD. |
Nexpose.Asset.Vulnerability.Added | date | The date the vulnerability coverage was added. The format is an ISO 8601 date, YYYY-MM-DD. |
Nexpose.Asset.Vulnerability.Modified | date | The last date the vulnerability was modified. The format is an ISO 8601 date, YYYY-MM-DD. |
Nexpose.Asset.Vulnerability.CVSSScore | number | The CVSS score, which ranges from 0-10. |
Nexpose.Asset.Vulnerability.CVSSV3Score | number | The CVSS3 score, which ranges from 0-10. |
Nexpose.Asset.Vulnerability.Categories | unknown | All vulnerability categories assigned to this vulnerability. |
Nexpose.Asset.Vulnerability.CVES | unknown | All CVEs assigned to this vulnerability. |
Nexpose.Asset.Vulnerability.Check.Port | number | The port of the service the result was discovered on. |
Nexpose.Asset.Vulnerability.Check.Protocol | string | The protocol of the service the result was discovered on, valid values ip, icmp, igmp, ggp, tcp, pup, udp, idp, esp, nd, raw |
Nexpose.Asset.Vulnerability.Check.Since | date | The date and time the result was first recorded, in the ISO8601 format. If the result changes status this value is the date and time of the status change. |
Nexpose.Asset.Vulnerability.Check.Proof | string | The proof explaining why the result was found vulnerable. |
Nexpose.Asset.Vulnerability.Check.Status | string | The status of the vulnerability check result. Valid values are, unknown, not-vulnerable, vulnerable, vulnerable-version, vulnerable-potential, vulnerable-with-exception-applied, vulnerable-version-with-exception-applied, vulnerable-potential-with-exception-applied |
Nexpose.Asset.Vulnerability.Solution.Type | string | The type of the solution. One of: "Configuration", "Rollup patch", "Patch". |
Nexpose.Asset.Vulnerability.Solution.Summary | string | The summary of the solution. |
Nexpose.Asset.Vulnerability.Solution.Steps | string | The steps required to remediate the vulnerability. |
Nexpose.Asset.Vulnerability.Solution.Estimate | string | The estimated duration to apply the solution, in minutes. |
Nexpose.Asset.Vulnerability.Solution.AdditionalInformation | string | Additional information or resources that can assist in applying the remediation |
CVE.ID | string | Common Vulnerabilities and Exposures ids |

Command Example
!nexpose-get-asset-vulnerability id=37 vulnerabilityId=apache-httpd-cve-2017-3169

Context Example

Human Readable Output

nexpose-create-site
Creates a new site with the specified configuration.

Base Command
nexpose-create-site

Input
Argument Name | Description | Required |
---|---|---|
name | <string> The site name. Name must be unique. | Required |
description | <string> The site's description. | Optional |
assets | Multiple criteria of <string> Specify asset addresses to be included in site scans. | Required |
scanTemplateId | <string> The identifier of a scan template. Use nexpose-get-report-templates to get all templates. The default scan template is selected when not specified. | Optional |
importance | <string> The site importance. Defaults to "normal" if not specified. Possible values are: very_low, low, normal, high, very_high. | Optional |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Site.Id | number | The created site Id |

Command Example
!nexpose-create-site name="site_test" assets="127.0.0.1"

Context Example

Human Readable Output
New site created
Id |
---|
2 |

nexpose-delete-site
Deletes a site.

Base Command
nexpose-delete-site

Input
Argument Name | Description | Required |
---|---|---|
id | Id of the site to delete. | Required |

Context Output
There is no context output for this command.

Command Example
!nexpose-delete-site id=1258

Human Readable Output
Site 1258 deleted

nexpose-get-sites
Retrieves accessible sites.

Base Command
nexpose-get-sites

Input
Argument Name | Description | Required |
---|---|---|
limit | integer <int32> The number of records to retrieve. | Optional |
sort | Multiple criteria of <string> The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters separated by a ';'. For example: 'riskScore,DESC;hostName,ASC'. | Optional |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Site.Id | number | The identifier of the site. |
Nexpose.Site.Name | string | The site name. |
Nexpose.Site.Assets | number | The number of assets that belong to the site. |
Nexpose.Site.Type | string | The type of the site. Valid values are agent, dynamic, static |
Nexpose.Site.Vulnerabilities | number | The total number of vulnerabilities. |
Nexpose.Site.Risk | number | The risk score (with criticality adjustments) of the site. |
Nexpose.Site.LastScan | date | The date and time of the site's last scan. |

Command Example
!nexpose-get-sites

Context Example

Human Readable Output
Nexpose sites
Id | Name | Assets | Vulnerabilities | Risk | Type | LastScan |
---|---|---|---|---|---|---|
1 | XSOAR | 8 | 484 | 213967.0 | static | 2020-10-01T22:43:17.717Z |
1 | XSOAR Site | 3 | 7 | 1606.0 | static | 2020-11-26T17:13:54.117Z |

nexpose-get-report-templates
Returns all available report templates.

Base Command
nexpose-get-report-templates

Input
There are no input arguments for this command.

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Template.Id | number | The identifier of the report template. |
Nexpose.Template.Name | string | The name of the report template. |
Nexpose.Template.Description | string | The description of the report template. |
Nexpose.Template.Type | string | The type of the report template. document is a templatized, typically printable, report that has various sections of content. export is data-oriented output, typically CSV. file is a printable report template using a report template file. |

Command Example
!nexpose-get-report-templates

Context Example

Human Readable Output
Nexpose templates
Id | Name | Description | Type |
---|---|---|---|
audit-report | Audit Report | Provides comprehensive details about discovered assets, vulnerabilities, and users. | document |
baseline-comparison | Baseline Comparison | Compares current scan results to those of an earlier baseline scan. | document |

nexpose-create-assets-report
Generates a new report on given assets according to a template and arguments.

Base Command
nexpose-create-assets-report

Input
Argument Name | Description | Required |
---|---|---|
assets | Multiple criteria of integer<int64> Asset ids to create the report on, comma separated. | Required |
template | <string> Report template id to create the report with. If none is provided, the first template available will be used. | Optional |
name | <string> The report name. | Optional |
format | <string> The report format, default is PDF. Possible values are: pdf, rtf, xml, html, text. | Optional |
download_immediately | If true, downloads the report immediately after the report is generated. The default is "true". If the report takes longer than 10 seconds to generate, set to "false". | Optional |

Context Output
Path | Type | Description |
---|---|---|
InfoFile.EntryId | string | Entry Id of the report file. |
InfoFile.Name | string | Name of the report file. |
InfoFile.Extension | string | File extension of the report file. |
InfoFile.Info | string | Information about the report file. |
InfoFile.Size | number | Size of the report file (in bytes). |
InfoFile.Type | string | Type of the report file. |
Nexpose.Report.ID | string | The identifier of the report. |
Nexpose.Report.InstanceID | string | The identifier of the report instance. |
Nexpose.Report.Name | string | The report name. |
Nexpose.Report.Format | string | The report format. |

Command Example
!nexpose-create-assets-report assets="1,2,3,4"

Context Example

Human Readable Output
Returned file: report 2018-08-20 11:41:54.343571.pdf Download

nexpose-create-sites-report
Generates a new report on given sites according to a template and arguments.

Base Command
nexpose-create-sites-report

Input
Argument Name | Description | Required |
---|---|---|
sites | Multiple criteria of integer<int32> Site ids to create the report on, comma separated. | Required |
template | <string> Report template id to create the report with. If none is provided, the first template available will be used. | Optional |
name | <string> The report name. | Optional |
format | <string> The report format, default is PDF. Possible values are: pdf, rtf, xml, html, text. | Optional |
download_immediately | If true, downloads the report immediately after the report is generated. The default is "true". If the report takes longer than 10 seconds to generate, set to "false". | Optional |

Context Output
Path | Type | Description |
---|---|---|
InfoFile.EntryId | string | Entry Id of the report file. |
InfoFile.Name | string | Name of the report file. |
InfoFile.Extension | string | File extension of the report file. |
InfoFile.Info | string | Information about the report file. |
InfoFile.Size | number | Size of the report file (in bytes). |
InfoFile.Type | string | Type of the report file. |
Nexpose.Report.ID | string | The identifier of the report. |
Nexpose.Report.InstanceID | string | The identifier of the report instance. |
Nexpose.Report.Name | string | The report name. |
Nexpose.Report.Format | string | The report format. |

Command Example
!nexpose-create-sites-report sites=1 name="XSOAR Report1"

Context Example

Human Readable Output
Returned file: XSOAR Report.pdf Download

nexpose-create-scan-report
Generates a new report for a specified scan.

Base Command
nexpose-create-scan-report

Input
Argument Name | Description | Required |
---|---|---|
scan | integer <int64> The identifier of the scan. | Required |
template | <string> Report template id to create the report with. If none is provided, the first template available will be used. | Optional |
name | <string> The report name. | Optional |
format | <string> The report format, default is PDF. Possible values are: pdf, rtf, xml, html, text. | Optional |
download_immediately | If true, downloads the report immediately after the report is generated. The default is "true". If the report takes longer than 10 seconds to generate, set to "false". | Optional |

Context Output
Path | Type | Description |
---|---|---|
InfoFile.EntryId | string | Entry Id of the report file. |
InfoFile.Name | string | Name of the report file. |
InfoFile.Extension | string | File extension of the report file. |
InfoFile.Info | string | Information about the report file. |
InfoFile.Size | number | Size of the report file (in bytes). |
InfoFile.Type | string | Type of the report file. |
Nexpose.Report.ID | string | The identifier of the report. |
Nexpose.Report.InstanceID | string | The identifier of the report instance. |
Nexpose.Report.Name | string | The report name. |
Nexpose.Report.Format | string | The report format. |

Command Example
!nexpose-create-scan-report scan=245 name="XSOAR test" download_immediately=false

Context Example

Human Readable Output
Report Information
Format | ID | InstanceID | Name |
---|---|---|---|
 | 1987 | 1980 | XSOAR test |

nexpose-start-site-scan
Starts a scan for the specified site.

Base Command
nexpose-start-site-scan

Input
Argument Name | Description | Required |
---|---|---|
site | integer <int32> The identifier of the site. | Required |
hosts | Multiple criteria of <string> The hosts that should be included as a part of the scan. This should be a mixture of IP Addresses and host names as a comma separated string array. | Optional |
name | <string> The user-driven scan name for the scan. | Optional |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Scan.Id | number | The identifier of the scan. |
Nexpose.Scan.ScanType | string | The scan type (automated, manual, scheduled). |
Nexpose.Scan.StartedBy | date | The name of the user that started the scan. |
Nexpose.Scan.Assets | number | The number of assets found in the scan |
Nexpose.Scan.TotalTime | string | The duration of the scan in minutes. |
Nexpose.Scan.Completed | date | The end time of the scan in ISO8601 format. |
Nexpose.Scan.Status | string | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating |
Nexpose.Scan.Vulnerabilities.Critical | number | The number of critical vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Moderate | number | The number of moderate vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Severe | number | The number of severe vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Total | number | The total number of vulnerabilities. |

Command Example
!nexpose-start-site-scan site=2 hosts=127.0.0.1

Context Example

Human Readable Output

nexpose-start-assets-scan
Starts a scan for specified asset IP addresses and host names.

Base Command
nexpose-start-assets-scan

Input
Argument Name | Description | Required |
---|---|---|
IPs | Multiple criteria of <string> IP addresses of assets, comma separated. | Optional |
hostNames | Multiple criteria of <string> Host names of assets, comma separated. | Optional |
name | <string> The user-driven scan name for the scan. | Optional |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Scan.Id | number | The identifier of the scan. |
Nexpose.Scan.ScanType | string | The scan type (automated, manual, scheduled). |
Nexpose.Scan.StartedBy | date | The name of the user that started the scan. |
Nexpose.Scan.Assets | number | The number of assets found in the scan |
Nexpose.Scan.TotalTime | string | The duration of the scan in minutes. |
Nexpose.Scan.Completed | date | The end time of the scan in ISO8601 format. |
Nexpose.Scan.Status | string | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating |
Nexpose.Scan.Vulnerabilities.Critical | number | The number of critical vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Moderate | number | The number of moderate vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Severe | number | The number of severe vulnerabilities. |
Nexpose.Scan.Vulnerabilities.Total | number | The total number of vulnerabilities. |

Command Example
!nexpose-start-assets-scan IPs=127.0.0.1

Context Example

Human Readable Output

nexpose-stop-scan
Stop the specified scan.

Base Command
nexpose-stop-scan

Input
Argument Name | Description | Required |
---|---|---|
id | integer <int64> ID of the scan to stop. | Required |

Context Output
There is no context output for this command.

Command Example
!nexpose-stop-scan id=143200

Human Readable Output
Successfully stopped the scan

nexpose-pause-scan
Pause the specified scan.

Base Command
nexpose-pause-scan

Input
Argument Name | Description | Required |
---|---|---|
id | integer <int64> ID of the scan to pause. | Required |

Context Output
There is no context output for this command.

Command Example
!nexpose-pause-scan id=143200

Human Readable Output
Successfully paused the scan

nexpose-resume-scan
Resume the specified scan.

Base Command
nexpose-resume-scan

Input
Argument Name | Description | Required |
---|---|---|
id | integer <int64> ID of the scan to resume. | Required |

Context Output
There is no context output for this command.

Command Example
!nexpose-resume-scan id=143200

Human Readable Output
Successfully resumed the scan

nexpose-get-scans
Returns a list of scans.

Base Command
nexpose-get-scans

Input
Argument Name | Description | Required |
---|---|---|
active | <boolean> Return active or past scans. Possible values are: true, false. Default is true. | Optional |
limit | integer <int32> The number of records to retrieve. Default is 10. | Optional |
sort | Multiple criteria of <string> The criteria to sort the records by, in the format: property[,ASC|DESC]. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters separated by a ';'. For example: 'riskScore,DESC;hostName,ASC'. | Optional |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Scan.Id | number | The identifier of the scan. |
Nexpose.Scan.ScanType | string | The scan type (automated, manual, scheduled). |
Nexpose.Scan.StartedBy | date | The name of the user that started the scan. |
Nexpose.Scan.Assets | number | The number of assets found in the scan |
Nexpose.Scan.TotalTime | string | The duration of the scan in minutes. |
Nexpose.Scan.Completed | date | The end time of the scan in ISO8601 format. |
Nexpose.Scan.Status | string | The scan status. Valid values are aborted, unknown, running, finished, stopped, error, paused, dispatched, integrating |

Command Example
!nexpose-get-scans active=false

Context Example

Human Readable Output
Nexpose scans
Id | ScanType | ScanName | Assets | TotalTime | Completed | Status |
---|---|---|---|---|---|---|
1 | Manual | Tue 03 Dec 2019 10:47 PM | 0 | 5.26666666667 minutes | 2019-12-03T20:48:01.368Z | finished |
2 | Manual | Tue 03 Dec 2019 10:52 PM | 0 | 1.51666666667 minutes | 2019-12-03T20:53:09.453Z | finished |
3 | Manual | Test scan | 1 | 10.7833333333 minutes | 2020-04-20T13:57:00.647Z | finished |

nexpose-download-report
Returns the generated report.

Base Command
nexpose-download-report

Input
Argument Name | Description | Required |
---|---|---|
report_id | The identifier of the report. | Required |
instance_id | The identifier of the report instance. Also supports the "latest" keyword. | Required |
name | The report name. | Optional |
format | The report format, default is pdf. Possible values are: pdf, rtf, xml, html, text. Default is pdf. | Optional |

Context Output
Path | Type | Description |
---|---|---|
InfoFile.EntryId | string | Entry Id of the report file. |
InfoFile.Name | string | Name of the report file. |
InfoFile.Extension | string | File extension of the report file. |
InfoFile.Info | string | Information about the report file. |
InfoFile.Size | number | Size of the report file (in bytes). |
InfoFile.Type | string | Type of the report file. |

Command Example
!nexpose-download-report report_id=1983 instance_id=1976

Context Example

nexpose-get-report-status
Returns the status of a report generation process.

Base Command
nexpose-get-report-status

Input
Argument Name | Description | Required |
---|---|---|
report_id | The identifier of the report. | Required |
instance_id | The identifier of the report instance. Also supports the "latest" keyword. | Required |

Context Output
Path | Type | Description |
---|---|---|
Nexpose.Report.ID | string | The identifier of the report. |
Nexpose.Report.InstanceID | string | The identifier of the report instance. |
Nexpose.Report.Status | string | The status of the report generation process. Valid values: "aborted", "failed", "complete", "running", "unknown" |

Command Example
!nexpose-get-report-status report_id=1983 instance_id=1976

Context Example

Human Readable Output
Report Generation Status
ID | InstanceID | Status |
---|---|---|
1983 | 1976 | complete |
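
The report commands above advise setting download_immediately to "false" when generation takes longer than 10 seconds, which leaves the caller to poll nexpose-get-report-status and then call nexpose-download-report. The following is an added example of that sequence, not code from the integration itself. It assumes a hypothetical `run_command(name, args)` adapter that runs a command and returns its context output as a nested dict, and it assumes that a status of "unknown" means generation is still in progress.

```python
import time

# Status values documented on this page for Nexpose.Report.Status.
DONE = {"complete"}
FAILED = {"aborted", "failed"}
PENDING = {"running", "unknown"}  # assumption: "unknown" is not terminal


class ReportFailed(Exception):
    """Generation ended badly, returned an undocumented status, or timed out."""


def wait_for_report(run_command, report_id, instance_id,
                    interval=5.0, timeout=300.0,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll nexpose-get-report-status until the report is complete.

    run_command is a hypothetical adapter (not an XSOAR API) returning e.g.
    {"Nexpose": {"Report": {"ID": ..., "InstanceID": ..., "Status": ...}}}.
    Returns the number of status polls that were needed.
    """
    args = {"report_id": str(report_id), "instance_id": str(instance_id)}
    deadline = clock() + timeout
    polls = 0
    while True:
        ctx = run_command("nexpose-get-report-status", args)
        polls += 1
        report = ctx.get("Nexpose", {}).get("Report", {})
        status = str(report.get("Status", "unknown")).lower()
        if status in DONE:
            return polls
        if status in FAILED:
            raise ReportFailed(f"report {report_id}/{instance_id} ended as {status}")
        if status not in PENDING:
            raise ReportFailed(f"undocumented status {status!r}")
        if clock() >= deadline:
            raise ReportFailed(
                f"report {report_id}/{instance_id} still {status} after {timeout}s")
        sleep(interval)


def generate_and_fetch(run_command, scan_id, name, fmt="pdf", **poll_kwargs):
    """Create a scan report without blocking, wait for it, then download it."""
    created = run_command("nexpose-create-scan-report", {
        "scan": str(scan_id), "name": name, "format": fmt,
        "download_immediately": "false",
    })
    report = created["Nexpose"]["Report"]
    rid, iid = report["ID"], report["InstanceID"]
    wait_for_report(run_command, rid, iid, **poll_kwargs)
    return run_command("nexpose-download-report", {
        "report_id": str(rid), "instance_id": str(iid),
        "name": name, "format": fmt,
    })


class FakeNexpose:
    """Constructed stand-in for the integration so the example runs offline.

    `statuses` is the sequence of report statuses to hand out; the last one
    repeats. The IDs are the ones shown in the page's command example.
    """

    def __init__(self, statuses):
        self.statuses = list(statuses)
        self.calls = []

    def __call__(self, name, args):
        self.calls.append((name, dict(args)))
        if name == "nexpose-create-scan-report":
            return {"Nexpose": {"Report": {
                "ID": "1987", "InstanceID": "1980",
                "Name": args["name"], "Format": args["format"]}}}
        if name == "nexpose-get-report-status":
            status = (self.statuses.pop(0) if len(self.statuses) > 1
                      else self.statuses[0])
            return {"Nexpose": {"Report": {
                "ID": args["report_id"], "InstanceID": args["instance_id"],
                "Status": status}}}
        if name == "nexpose-download-report":
            return {"InfoFile": {
                "Name": f"{args['name']}.{args['format']}",
                "Extension": args["format"]}}
        raise ValueError(f"unexpected command {name}")


if __name__ == "__main__":
    fake = FakeNexpose(["running", "running", "complete"])
    result = generate_and_fetch(fake, 245, "XSOAR test",
                                interval=0, sleep=lambda s: None)
    print(result["InfoFile"]["Name"], "after", len(fake.calls), "commands")
```

Failing fast on "aborted" and "failed" keeps a playbook from waiting out the full timeout on a report that will never arrive.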

Troubleshooting
- In case of a timeout error, the API server address or port may be incorrect.
- In case of a 400 Bad Request error, incorrect values were provided to an API resource, e.g. incorrect search fields.
- In case of a 401 Unauthorized error, incorrect credentials were provided or there are insufficient privileges for a specific resource.
- In case of a 404 Not Found error, a specified resource was not found, e.g. a vulnerability that doesn't exist in an asset.