1 Reply Latest reply on Oct 4, 2017 10:17 AM by catdaddy

    DXL integration with Rapid7 Nexpose

    jameskhow

      Hi,

       

      Can someone help me as I've done the integration of ePO (5.3), TIE, DXL and on prem Nexpose (6.4.57) with all the required extensions and modules including an endpoint pc with VSE 8.8 installed. However, from the dashboard the "Rapid 7 Nexpose Insight Summary" is always blank. I've done scanning from nexpose to this endpoint and there are many vulnerabilities and the score is > 2,000.

       

      if I look into the access logs in the epo server there is a request made for the summary that looks like the following:

       

      [04/Oct/2017:17:00:33 +0800] 192.168.x.x GET /remote/nexpose.listComputerDetails.do?filterTimeStamp=1507018430407&%3Aoutput= json HTTP/1.1 - 401 [http-bio-8443-exec-15] [34E50D9081A64A1DA958EB3E04C907CF.route1] 0ms
      [04/Oct/2017:17:00:44 +0800] 192.168.x.x GET /remote/nexpose.listComputerDetails.do?filterTimeStamp=1507018430407&%3Aoutput= json HTTP/1.1 694 200 [http-bio-8443-exec-18] [B49329652501F6326B015D6C40B214A0.route1] 169ms

      OK:
      [ { "agentGUID" : "4D4F2E22-A75A-11E7-102F-000C294731DA", "hostname" : "tie12.localhost", "ipaddress" : "192.168.y.y", "lastUpdatedTimeStamp" : 1507094030887, "macAddress" : "000C294731DA", "nodeID" : 2, "tenantID" : 1 }, { "agentGUID" : "7B3F7F4C-3117-4270-902B-656F1C2ED503", "hostname" : "IE11Win7.localdomain", "ipaddress" : "192.168.z.z", "lastUpdatedTimeStamp" : 1507107098723, "macAddress" : "000C29042040", "nodeID" : 3, "tenantID" : 1 }, { "agentGUID" : "136708D0-B6FE-E75B-E3F7-1BF79A7EE676", "hostname" : "localhost.localdomain", "ipaddress" : "192.168.P.P", "lastUpdatedTimeStamp" : 1507104556450, "macAddress" : "00:50:56:34:a4:c2", "nodeID" : 4, "tenantID" : 1 } ]

       

      Where else can I look into this issue to isolate the problem?

       

      Thanks in advance.

       

      regards

      James