cancel
Showing results for 
Search instead for 
Did you mean: 
jameskhow
Level 7

DXL integration with Rapid7 Nexpose

Hi,

Can someone help me as I've done the integration of ePO (5.3), TIE, DXL and on prem Nexpose (6.4.57) with all the required extensions and modules including an endpoint pc with VSE 8.8 installed. However, from the dashboard the "Rapid 7 Nexpose Insight Summary" is always blank. I've done scanning from nexpose to this endpoint and there are many vulnerabilities and the score is > 2,000.

if I look into the access logs in the epo server there is a request made for the summary that looks like the following:

[04/Oct/2017:17:00:33 +0800] 192.168.x.x GET /remote/nexpose.listComputerDetails.do?filterTimeStamp=1507018430407&%3Aoutput=json HTTP/1.1 - 401 [http-bio-8443-exec-15] [34E50D9081A64A1DA958EB3E04C907CF.route1] 0ms
[04/Oct/2017:17:00:44 +0800] 192.168.x.x GET /remote/nexpose.listComputerDetails.do?filterTimeStamp=1507018430407&%3Aoutput=json HTTP/1.1 694 200 [http-bio-8443-exec-18] [B49329652501F6326B015D6C40B214A0.route1] 169ms

OK:
[ { "agentGUID" : "4D4F2E22-A75A-11E7-102F-000C294731DA", "hostname" : "tie12.localhost", "ipaddress" : "192.168.y.y", "lastUpdatedTimeStamp" : 1507094030887, "macAddress" : "000C294731DA", "nodeID" : 2, "tenantID" : 1 }, { "agentGUID" : "7B3F7F4C-3117-4270-902B-656F1C2ED503", "hostname" : "IE11Win7.localdomain", "ipaddress" : "192.168.z.z", "lastUpdatedTimeStamp" : 1507107098723, "macAddress" : "000C29042040", "nodeID" : 3, "tenantID" : 1 }, { "agentGUID" : "136708D0-B6FE-E75B-E3F7-1BF79A7EE676", "hostname" : "localhost.localdomain", "ipaddress" : "192.168.P.P", "lastUpdatedTimeStamp" : 1507104556450, "macAddress" : "00:50:56:34:a4:c2", "nodeID" : 4, "tenantID" : 1 } ]

Where else can I look into this issue to isolate the problem?

Thanks in advance.

regards

James

0 Kudos
1 Reply
catdaddy
Level 20

Re: DXL integration with Rapid7 Nexpose

Discussion successfully moved from Business to ePolicy Orchestrator (ePO)

Cliff
McAfee Volunteer
0 Kudos