runZero integrates with Rapid7 Nexpose by importing files that were exported from your Nexpose instance.
Getting started with Rapid7 Nexpose
To use the Rapid7 Nexpose integration, you’ll need to:
- Download an XML Export or XML Export 2.0 report from Nexpose.
- Import the Nexpose files through the inventory pages.
Before you can set up the Nexpose integration:
- Verify that you have runZero Enterprise.
- Make sure you have access to the Nexpose portal.
Step 1: Export Nexpose vulnerability scan report
- Log in to Nexpose with the account being used for the runZero integration.
- Go to the Reports page and select
Create a report.
- From the Export tab, select either XML Report or XML Report 2.0.
- Set the scan, asset, asset group, or site scope.
Save & Run the Report.
- When the report completes, save the report to a local file.
Step 2: Import the Nexpose files into runZero
- Go to the Inventory page in runZero.
- Choose Import > Nexpose XML Export (.xml) from the list of import types.
- On the import data page:
- Choose the site you want to add your assets to.
- Set tags to apply to the imported assets (optional).
- Set the severity and risk levels to ingest (optional).
- Set the Fingerprint only toggle to
Yesif you want vulnerability records to be ingested for fingerprint analysis but not stored in your runZero vulnerability inventory (optional).
Step 3: View Nexpose assets and vulnerabilities
After a successful sync, you can go to your inventory to view your Nexpose assets. These assets will have a Rapid7 icon listed in the Source column.
The Nexpose integration gathers details about vulnerabilities detected in addition to enriching asset inventory data. Go to Inventory > Vulnerabilities to view the vulnerability data provided by Nexpose.
To filter by Rapid7 assets, consider running the following queries:
- View all Rapid7 assets:
Click into each asset to see its individual attributes. runZero will show you the attributes gathered from the Nexpose scan file.
If you are having trouble using this integration, the questions and answers below may assist in your troubleshooting.
Why is the Rapid7 Nexpose integration unable to connect?
- Are you getting any data from the Rapid7 Nexpose integration?
- Make sure to query the inventory rather than look at the task details to review all the data available from this integration.
- In some cases, integrations have a configuration set that limits the amount of data that comes into the runZero console.
- Some integrations requires very specific actions that are easy to overlook. If a step is missed when setting up the intergration, it may not work correctly. Please review this documentation and follow the steps exactly.
- If the Rapid7 Nexpose integration is unable to connect be sure to check the task log for errors. Some common errors include:
- 500 - server error, unable to connect to the endpoint
- 404 - hitting an unknown endpoint on the server
- 403 - not authorized, likely a credential issue
- Verify you are running the integration task from an Explorer with access to the Nexpose host.