Platform
- TECHNOLOGY
  The Rapid7 Command Platform
  AI-Powered Cybersecurity Platform
  Explore
Products
- NEW!
  Exposure Command
  Take Command of Your Attack Surface
  Request Demo
- DETECTION & RESPONSE
- Next-Gen SIEM
  INSIGHTIDR
- Threat Intelligence
  THREAT COMMAND
Services
- MXDR
  Managed Threat Complete
  24x7 MXDR to secure your extended ecosystem
  Request Demo
- DETECTION & RESPONSE
- Managed XDR
  MANAGED THREAT COMPLETE
- Incident Response Services
  EXPERIENCING A BREACH?
Resources
- NEW
  The 2024 Attack Intelligence Report
  Read the latest research by Rapid7 Labs
  READ NOW
Company
Partners
Sign In

Documentation

Nexpose

Platform
- TECHNOLOGY
  The Rapid7 Command Platform
  AI-Powered Cybersecurity Platform
  Explore
Products
- NEW!
  Exposure Command
  Take Command of Your Attack Surface
  Request Demo
- DETECTION & RESPONSE
- Next-Gen SIEM
  INSIGHTIDR
- Threat Intelligence
  THREAT COMMAND
Services
- MXDR
  Managed Threat Complete
  24x7 MXDR to secure your extended ecosystem
  Request Demo
- DETECTION & RESPONSE
- Managed XDR
  MANAGED THREAT COMPLETE
- Incident Response Services
  EXPERIENCING A BREACH?
Resources
- NEW
  The 2024 Attack Intelligence Report
  Read the latest research by Rapid7 Labs
  READ NOW
Company
Partners

Sign In

Documentation
Nexpose
Release Notes

Docs Menu

Get Started

Welcome to Nexpose
Quick Start Guide
- System Requirements
- Download
Tour the Home Page
- Changes to the Security Console Administration page
Service start, stop, and status controls
Nexpose glossary of terms

Sites

What is a site?
Creating your first site
Site creation use cases
Create and edit sites
Giving users access to a site
Adding assets to sites
Best practices for adding assets
Deleting sites
Site Detail View

Scan Engines

Scan Engines
Distributed Scan Engines
Post-Installation Engine-to-Console Pairing
External Scanning Service
Scan Engine Pools
Containerized Scan Engine
AWS Scan Engines
Azure Scan Engines
Scan Engine Communication Methods
Scan Engine Data Collection - Rules and Details

Scan Assistant

Using the Scan Assistant

Scan Templates

Selecting a scan template
Scanning with multiple templates
Scan templates appendix
Authenticated Discovery Scans
Configuring Web spidering

Scan Credentials

Configuring scan credentials
Maximizing security with credentials
Configuring site-specific scan credentials
Managing shared scan credentials
Creating and Managing CyberArk Credentials
Kerberos Credentials for Authenticated Scans
Using SSH public key authentication
Elevating permissions
Database scanning credential requirements
Using LM/NTLM hash authentication
Authentication on Windows: best practices
Authentication on Unix and related targets: best practices
Using PowerShell with your scans

Alerts and Schedules

Setting up scan alerts
Schedule a scan
Schedule scan blackouts
Export your Calendar

Dynamic Discovery

Managing dynamic discovery of assets
Discovering mobile devices
Discovering Amazon Web Services instances
Discovering Microsoft Azure instances
Discovering Virtual Machines Managed by VMware vCenter or ESX/ESXi
Discovering Assets through DHCP Log Queries
Discovering Assets managed by McAfee ePolicy Orchestrator
Discovering vulnerability data collected by McAfee Data Exchange Layer (DXL)
Discovering Assets managed by Active Directory
Creating and managing Dynamic Discovery connections
Initiating Dynamic Discovery
Using filters to refine Dynamic Discovery
Monitoring Dynamic Discovery
Configuring a site using a Dynamic Discovery connection

Other Scanning Resources

Working with Project Sonar
Importing AppSpider scan data
Running a manual scan
Understanding different scan engine statuses and states
Viewing scan results and scan logs
Scan threads and port statuses
Stopping all in-progress scans
Automating security actions in changing environments
Enabling Remote Registry Activation
Working with Containers
Configuring scan authentication on target Web applications
- Creating a logon for Web site form authentication
- Creating a logon for Web site session authentication with HTTP headers
Measuring scan performance and time
Scanning a load balancer
Using the Metasploit Remote Check Service

Assess

Assess
Locating and working with assets
Fingerprint certainty
Applying RealContext with tags
Working with vulnerabilities
Vulnerability metrics explained
Vulnerability exceptions
Policy Manager
Policy rule overrides
Scanning for specific vulnerabilities

Act

Working with asset groups
Performing filtered asset searches
Creating a dynamic or static asset group from asset searches

Reports

Working with reports
Report templates and sections
Creating a basic report
Viewing, editing, and running reports
Working with risk trends in reports
For ASVs: Consolidating three report templates into one custom template
Distributing, sharing, and exporting reports
Configuring data warehousing settings
Configuring custom report templates
Understanding report content
Working with report formats
Report start times and durations
Upload externally created report templates signed by Rapid7

SQL Query Export

Creating reports based on SQL queries
Understanding the reporting data model: Overview and query design
Understanding the reporting data model: Facts
Understanding the reporting data model: Dimensions
Understanding the reporting data model: Functions
SQL Query Export examples

Tune

Tune
Working with scan templates and tuning scan performance
Configuring custom scan templates
Configuring asset discovery
Configuring service discovery
Selecting vulnerability checks
Selecting Policy Manager checks
Configuring verification of standard policies
Configuring scans of various types of servers
Configuring File Searches on Target Systems
Using other tuning options
Managing certificates for scanning
Creating a custom policy
Uploading custom SCAP policies
Risk Strategies
Adjusting risk with criticality
Sending custom fingerprints to paired Scan Engines
Scan property tuning options for specific use cases

Users and Authentication

Managing users and authentication
Setting password policies
Two factor authentication
LDAP authentication
Kerberos authentication
Configure SSO authentication
Remove an authentication source from Nexpose
How to reset a password

Manage

Managing the Security Console
Configure HTTPS Options
PostgreSQL 15.6 Database Migration Guide
Planning a deployment
Database Backup, Restore, and Data Retention
Managing versions, updates, and licenses
SCAP compliance
Live Licensing
Setting Up a Sonar Query
Enabling FIPS mode
Using the command console
Troubleshooting
Running the Windows uninstaller
Running the Linux uninstaller
Configuring maximum performance in an enterprise environment
Define your goals
Ensuring complete coverage
Planning your Scan Engine Deployment
Setting up the application and getting started
Planning for Capacity Requirements
Bulk asset delete operations
Using a proxy server

Integrations

Amazon Web Services (AWS)
Amazon Web Services FAQs

Resources

Resources
RESTful API
Finding out what features your license supports
Application encryption types
Linking assets across sites
Using regular expressions
Using Exploit Exposure
Performing configuration assessment
Nexpose Physical Appliance
Virtual Appliance Guide
Patching Appliances for Meltdown/Spectre
Recurring vulnerability coverage

Release Notes

Nexpose release notes

Support

Investigate false positives
Contact the Rapid7 Support Team
Share an idea with Rapid7
Finding out what features your license supports

End-of-life Announcements

BeyondTrust (Previously Liberman) Privileged Identity End-of-Life announcement
Manage Engine Service Desk legacy integration End-of-Life announcement
Thycotic legacy integration End-of-Life announcement
Internet Explorer 11 browser support end-of-life announcement
Legacy data warehouse and report database export End-of-Life announcement
Amazon Web Services (AWS) legacy discovery connection End-of-Life announcement
NSX Manager End-of-Life announcement
Legacy CyberArk ruby gem End-of-Life announcement
ServiceNow ruby gem End-of-Life announcement
Legacy Imperva integration End-of-Life announcement
Cisco FireSight (previously Sourcefire) ruby gem integration End-of-Life announcement
Microsoft System Center Configuration Manager (SCCM) ruby gem integration End-of-Life announcement
TLS 1.0 and 1.1 support for Insight solutions End-of-Life announcement

On This Page

Create a new SAML Application in Duo
- Add Service Provider metadata to Duo
- Configure attributes in Duo
Download and upload metadata
Create a user in the Security Console
Authenticate to InsightVM using SAML

Get Started

Welcome to Nexpose
Quick Start Guide
- System Requirements
- Download
Tour the Home Page
- Changes to the Security Console Administration page
Service start, stop, and status controls
Nexpose glossary of terms

Sites

What is a site?
Creating your first site
Site creation use cases
Create and edit sites
Giving users access to a site
Adding assets to sites
Best practices for adding assets
Deleting sites
Site Detail View

Scan Engines

Scan Engines
Distributed Scan Engines
Post-Installation Engine-to-Console Pairing
External Scanning Service
Scan Engine Pools
Containerized Scan Engine
AWS Scan Engines
Azure Scan Engines
Scan Engine Communication Methods
Scan Engine Data Collection - Rules and Details

Scan Assistant

Using the Scan Assistant

Scan Templates

Selecting a scan template
Scanning with multiple templates
Scan templates appendix
Authenticated Discovery Scans
Configuring Web spidering

Scan Credentials

Configuring scan credentials
Maximizing security with credentials
Configuring site-specific scan credentials
Managing shared scan credentials
Creating and Managing CyberArk Credentials
Kerberos Credentials for Authenticated Scans
Using SSH public key authentication
Elevating permissions
Database scanning credential requirements
Using LM/NTLM hash authentication
Authentication on Windows: best practices
Authentication on Unix and related targets: best practices
Using PowerShell with your scans

Alerts and Schedules

Setting up scan alerts
Schedule a scan
Schedule scan blackouts
Export your Calendar

Dynamic Discovery

Managing dynamic discovery of assets
Discovering mobile devices
Discovering Amazon Web Services instances
Discovering Microsoft Azure instances
Discovering Virtual Machines Managed by VMware vCenter or ESX/ESXi
Discovering Assets through DHCP Log Queries
Discovering Assets managed by McAfee ePolicy Orchestrator
Discovering vulnerability data collected by McAfee Data Exchange Layer (DXL)
Discovering Assets managed by Active Directory
Creating and managing Dynamic Discovery connections
Initiating Dynamic Discovery
Using filters to refine Dynamic Discovery
Monitoring Dynamic Discovery
Configuring a site using a Dynamic Discovery connection

Other Scanning Resources

Working with Project Sonar
Importing AppSpider scan data
Running a manual scan
Understanding different scan engine statuses and states
Viewing scan results and scan logs
Scan threads and port statuses
Stopping all in-progress scans
Automating security actions in changing environments
Enabling Remote Registry Activation
Working with Containers
Configuring scan authentication on target Web applications
- Creating a logon for Web site form authentication
- Creating a logon for Web site session authentication with HTTP headers
Measuring scan performance and time
Scanning a load balancer
Using the Metasploit Remote Check Service

Assess

Assess
Locating and working with assets
Fingerprint certainty
Applying RealContext with tags
Working with vulnerabilities
Vulnerability metrics explained
Vulnerability exceptions
Policy Manager
Policy rule overrides
Scanning for specific vulnerabilities

Act

Working with asset groups
Performing filtered asset searches
Creating a dynamic or static asset group from asset searches

Reports

Working with reports
Report templates and sections
Creating a basic report
Viewing, editing, and running reports
Working with risk trends in reports
For ASVs: Consolidating three report templates into one custom template
Distributing, sharing, and exporting reports
Configuring data warehousing settings
Configuring custom report templates
Understanding report content
Working with report formats
Report start times and durations
Upload externally created report templates signed by Rapid7

SQL Query Export

Creating reports based on SQL queries
Understanding the reporting data model: Overview and query design
Understanding the reporting data model: Facts
Understanding the reporting data model: Dimensions
Understanding the reporting data model: Functions
SQL Query Export examples

Tune

Tune
Working with scan templates and tuning scan performance
Configuring custom scan templates
Configuring asset discovery
Configuring service discovery
Selecting vulnerability checks
Selecting Policy Manager checks
Configuring verification of standard policies
Configuring scans of various types of servers
Configuring File Searches on Target Systems
Using other tuning options
Managing certificates for scanning
Creating a custom policy
Uploading custom SCAP policies
Risk Strategies
Adjusting risk with criticality
Sending custom fingerprints to paired Scan Engines
Scan property tuning options for specific use cases

Users and Authentication

Managing users and authentication
Setting password policies
Two factor authentication
LDAP authentication
Kerberos authentication
Configure SSO authentication
Remove an authentication source from Nexpose
How to reset a password

Manage

Managing the Security Console
Configure HTTPS Options
PostgreSQL 15.6 Database Migration Guide
Planning a deployment
Database Backup, Restore, and Data Retention
Managing versions, updates, and licenses
SCAP compliance
Live Licensing
Setting Up a Sonar Query
Enabling FIPS mode
Using the command console
Troubleshooting
Running the Windows uninstaller
Running the Linux uninstaller
Configuring maximum performance in an enterprise environment
Define your goals
Ensuring complete coverage
Planning your Scan Engine Deployment
Setting up the application and getting started
Planning for Capacity Requirements
Bulk asset delete operations
Using a proxy server

Integrations

Amazon Web Services (AWS)
Amazon Web Services FAQs

Resources

Resources
RESTful API
Finding out what features your license supports
Application encryption types
Linking assets across sites
Using regular expressions
Using Exploit Exposure
Performing configuration assessment
Nexpose Physical Appliance
Virtual Appliance Guide
Patching Appliances for Meltdown/Spectre
Recurring vulnerability coverage

Release Notes

Nexpose release notes

Support

Investigate false positives
Contact the Rapid7 Support Team
Share an idea with Rapid7
Finding out what features your license supports

End-of-life Announcements

BeyondTrust (Previously Liberman) Privileged Identity End-of-Life announcement
Manage Engine Service Desk legacy integration End-of-Life announcement
Thycotic legacy integration End-of-Life announcement
Internet Explorer 11 browser support end-of-life announcement
Legacy data warehouse and report database export End-of-Life announcement
Amazon Web Services (AWS) legacy discovery connection End-of-Life announcement
NSX Manager End-of-Life announcement
Legacy CyberArk ruby gem End-of-Life announcement
ServiceNow ruby gem End-of-Life announcement
Legacy Imperva integration End-of-Life announcement
Cisco FireSight (previously Sourcefire) ruby gem integration End-of-Life announcement
Microsoft System Center Configuration Manager (SCCM) ruby gem integration End-of-Life announcement
TLS 1.0 and 1.1 support for Insight solutions End-of-Life announcement

Configure Duo as a SAML source

Create a new SAML Application in Duo

In the Duo Admin Portal, select Applications.
Select Protect an Application.
Search and select Generic Service Provider.
Select the option with Protection Type 2FA with SSO hosted by Duo.

Add Service Provider metadata to Duo

In the Service Provider section of your cloud application in Duo, enter the Entity id and ACS URL.
In the Entity id field, paste the Security Console Entity ID URL, for example: http://rapid7.com/nsc/console/…
In the Assertion Consumer Service (ACS) URL field, paste the Security Console ACS URL, for example: https://<console-hostname>:<console-port>/saml/SSO
If the ACS URL contains hostname/FQDN please set a Base Entity URL in the InsightVM Security Console

Configure attributes in Duo

On the DUO NameID format field set the format to nameid-format:emailAddress.
Set the NameID attribute to Email Address.
Set the Signature Algorithm to SHA-256.

Download and upload metadata

On DUO’s Metadata page, click Download XML Metadata file.
1. In the Security Console, go the Administration page.
In the Console section, click Authentication: 2FA and SSO.
Click Configure SAML Source.
Click Choose File and select the Azure metadata XML file.
Click Save.
Restart the console services.

Create a user in the Security Console

On the Administration page, under User Management, click Add User.
Complete the required User Information fields. The E-mail address field is case sensitive, and must exactly match the existing IdP user account email value.
Select SAML Authorization Method > SAML.
Select the User Role.
Assign Site and Asset Group Permissions.
Click Save.

Authenticate to InsightVM using SAML

Login to your Duo application landing page.
Select the Rapid7 InsightVM Console tile.

Did this page help you?

Users and Authentication

ADFS SSO SAML

Users and Authentication

Google SSO SAML

On This Page

Create a new SAML Application in Duo
- Add Service Provider metadata to Duo
- Configure attributes in Duo
Download and upload metadata
Create a user in the Security Console
Authenticate to InsightVM using SAML