Welcome to Nexpose
Nexpose with InsightVM is a data-rich resource that can amplify the other solutions in your tech stack, from SIEMs and firewalls to ticketing systems. InsightVM brings together Rapid7’s library of vulnerability research knowledge from Nexpose, exploit knowledge from Metasploit, global attacker behavior, internet-wide scanning data, exposure analytics, and real-time reporting.
Your installation has the following components:
|Security Console||This is the component you’ll use to create sites, run scans, generate reports, and much more. The Security Console is accessed via a web-based user interface through any of our supported browsers.|
|Scan Engine||Scan Engines are responsible for performing scan jobs on your assets. Note that Scan Engines only store scan data temporarily before sending it back to the Security Console for integration and long-term storage.|
Nexpose utilizes the Security Console for on-premises vulnerability scanning and system management. The Security Console core features allow you to identify risk in your environment, organize your devices, and prioritize remediation.
Run scans to extensively probe your devices for known vulnerabilities, exploits, and policy rules. Create sites to logically group your assets for targeted scans. The Security Console uses Scan Engines to perform the actual scan job, and you can configure/distribute them in a way that is best for your environment.
Choose between several built-in Scan Templates (such as CIS policy compliance or Full audit without Web Spider) to determine which checks are performed for a particular scan. You can also tailor your own Scan Templates to quickly search for the vulnerabilities and policies that matter the most to your organization. Create scan schedules to automate your scan jobs and keep your security team informed on a regular basis.
Organize your scanned assets into dynamic or static asset groups according to a variety of traits, such as location, operating system, and owner. Use the Security Console’s tagging system to adjust risk scores and prioritize remediation for your most critical assets. Run filtered asset searches to find scanned assets based on over 40 unique parameters.
Generate reports of your scan results so your security teams know what to fix and how. Make use of our built-in report templates or leverage SQL query exports for fully customizable reports. The following example cases highlight some of our most popular report templates:
- Leverage the Top Remediation report to prioritize the remediations that lead to the greatest reduction in risk.
- If you’re a business that handles credit card transactions, use the PCI report to prepare for an upcoming PCI audit.
- Generate the Vulnerability Trends report to examine your total detected assets, vulnerabilities, and exploits over custom date ranges.
InsightVM offers far more advanced functionality than we can cover in the scope of this guide, but we can talk about those features later. For now, just keep these core features in mind as they are the tools you’ll be using day to day.
Distributed Scan Engines are separate from the Security Console and are strategically provisioned and located in a way that makes your scanning environment as efficient as possible. If you intend to maintain a production deployment of the Security Console, distributed Scan Engines are an absolute necessity.
Scan Engine deployment overview
Deploying a distributed Scan Engine involves the following procedures:
- Installing a new Scan Engine on a separate host machine
- Pairing the Scan Engine to the Security Console according to your communication method of choice
- Refreshing the Scan Engine in the Security Console to verify that the pairing was successful
Scan Engine and Security Console communication
Scan Engines and Security Consoles must be able to communicate with each other in order to initiate scans and integrate scan data. Distributed Scan Engines can communicate with a Security Console in two ways:
|Standard (Console-to-Engine)||This is the most common communication method for a distributed Scan Engine. When the Security Console determines that a scan needs to take place on your target assets, it initiates the connection to communicate with the Scan Engine. |
As a result, Scan Engines must allow inbound traffic on the default port of 40814 in order to create this connection.
|Reverse (Engine-to-Console)||The engine-to-console communication method, which is implemented by a “reverse” pairing procedure, is useful in cases where your security policies restrict inbound connections to the network hosting the scan engine. In engine-to-console configurations, the Scan Engine routinely pings the Security Console to see if a scan job needs to be run. If the Security Console does in fact have a scan job ready, it accepts the connection from the Scan Engine and the communication channel is established. |
As a result, Security Consoles must allow inbound traffic on the default port of 40815 in order to create this connection.
Scan engines and the Insight Platform
Pairing your Scan Engines to the Insight Platform provides you with connectivity indicators, scan job metrics, and host resource usage figures for each applicable engine in your environment.
Get started with Nexpose and InsightVM
For the fastest time to value, get started with our InsightVM Quick Start Guide.