Platform
- TECHNOLOGY
  The Rapid7 Command Platform
  AI-Powered Cybersecurity Platform
  Start Trial
Products
- NEW!
  Surface Command
  Unlock a continuous 360° view of your attack surface
  FREE TRIAL
- DETECTION & RESPONSE
- Next-Gen SIEM
  INSIGHTIDR
- Threat Intelligence
  THREAT COMMAND
Services
- MXDR
  Managed Threat Complete
  24x7 MXDR to secure your extended ecosystem
  Request Demo
- DETECTION & RESPONSE
- Managed XDR
  MANAGED THREAT COMPLETE
- Incident Response Services
  EXPERIENCING A BREACH?
Resources
- NEW
  The Take Command Summit is back!
  Our largest virtual event returns Apr. 9
  Register
Company
Partners
Sign In

Nexpose

Platform
- TECHNOLOGY
  The Rapid7 Command Platform
  AI-Powered Cybersecurity Platform
  Start Trial
Products
- NEW!
  Surface Command
  Unlock a continuous 360° view of your attack surface
  FREE TRIAL
- DETECTION & RESPONSE
- Next-Gen SIEM
  INSIGHTIDR
- Threat Intelligence
  THREAT COMMAND
Services
- MXDR
  Managed Threat Complete
  24x7 MXDR to secure your extended ecosystem
  Request Demo
- DETECTION & RESPONSE
- Managed XDR
  MANAGED THREAT COMPLETE
- Incident Response Services
  EXPERIENCING A BREACH?
Resources
- NEW
  The Take Command Summit is back!
  Our largest virtual event returns Apr. 9
  Register
Company
Partners

Sign In

Documentation
Nexpose
Release Notes

Docs Menu

Get Started

Welcome to Nexpose
Quick Start Guide
- System Requirements
- Download
Tour the Home Page
- Changes to the Security Console Administration page
Service start, stop, and status controls
Nexpose glossary of terms

Sites

What is a site?
Creating your first site
Site creation use cases
Create and edit sites
Giving users access to a site
Adding assets to sites
Best practices for adding assets
Deleting sites
Site Detail View

Scan Engines

Scan Engines
Distributed Scan Engines
Post-Installation Engine-to-Console Pairing
External Scanning Service
Scan Engine Pools
Containerized Scan Engine
AWS Scan Engines
Azure Scan Engines
Scan Engine Communication Methods
Scan Engine Data Collection - Rules and Details

Scan Assistant

Using the Scan Assistant

Scan Templates

Selecting a scan template
Scan template best practices
Scanning with multiple templates
Scan templates appendix
Authenticated Discovery Scans

Scan Credentials

Configuring scan credentials
Maximizing security with credentials
Configuring site-specific scan credentials
Managing shared scan credentials
Creating and Managing CyberArk Credentials
Kerberos Credentials for Authenticated Scans
Using SSH public key authentication
Elevating permissions
Database scanning credential requirements
Using LM/NTLM hash authentication
Authentication on Windows: best practices
Authentication on Unix and related targets: best practices
Using PowerShell with your scans

Alerts and Schedules

Setting up scan alerts
Schedule a scan
Schedule scan blackouts
Export your Calendar

Dynamic Discovery

Managing dynamic discovery of assets
Discovering mobile devices
Discovering Amazon Web Services instances
Discovering Microsoft Azure instances
Discovering Virtual Machines Managed by VMware vCenter or ESX/ESXi
Discovering Assets through DHCP Log Queries
Discovering Assets managed by McAfee ePolicy Orchestrator
Discovering vulnerability data collected by McAfee Data Exchange Layer (DXL)
Discovering Assets managed by Active Directory
Creating and managing Dynamic Discovery connections
Initiating Dynamic Discovery
Using filters to refine Dynamic Discovery
Monitoring Dynamic Discovery
Configuring a site using a Dynamic Discovery connection

Other Scanning Resources

Working with Project Sonar
Importing AppSpider scan data
Running a manual scan
Understanding different scan engine statuses and states
Viewing scan results and scan logs
Scan threads and port statuses
Stopping all in-progress scans
Automating security actions in changing environments
Enabling Remote Registry Activation
Working with Containers
Configuring scan authentication on target Web applications
- Creating a logon for Web site form authentication
- Creating a logon for Web site session authentication with HTTP headers
Measuring scan performance and time
Scanning a load balancer
Using the Metasploit Remote Check Service

Assess

Assess
Locating and working with assets
Fingerprint certainty
Applying RealContext with tags
Working with vulnerabilities
Vulnerability metrics explained
Vulnerability exceptions
Policy Manager
Policy rule overrides
Scanning for specific vulnerabilities

Act

Working with asset groups
Performing filtered asset searches
Creating a dynamic or static asset group from asset searches

Reports

Working with reports
Report templates and sections
Creating a basic report
Viewing, editing, and running reports
Working with risk trends in reports
For ASVs: Consolidating three report templates into one custom template
Distributing, sharing, and exporting reports
Configuring data warehousing settings
Configuring custom report templates
Understanding report content
Working with report formats
Report start times and durations
Upload externally created report templates signed by Rapid7

SQL Query Export

Creating reports based on SQL queries
Understanding the reporting data model: Overview and query design
Understanding the reporting data model: Facts
Understanding the reporting data model: Dimensions
Understanding the reporting data model: Functions
SQL Query Export examples

Tune

Tune
Working with scan templates and tuning scan performance
Configuring custom scan templates
Configuring asset discovery
Configuring service discovery
Selecting vulnerability checks
Selecting Policy Manager checks
Configuring verification of standard policies
Configuring scans of various types of servers
Configuring File Searches on Target Systems
Using other tuning options
Managing certificates for scanning
Creating a custom policy
Uploading custom SCAP policies
Risk Strategies
Adjusting risk with criticality
Sending custom fingerprints to paired Scan Engines
Scan property tuning options for specific use cases

Users and Authentication

Managing users and authentication
Setting password policies
Two factor authentication
LDAP authentication
Kerberos authentication
Configure SSO authentication
Remove an authentication source from Nexpose
How to reset a password

Manage

Managing the Security Console
Configure HTTPS Options
Security Console best practices
PostgreSQL Database Migration Guide
Planning a deployment
Database Backup, Restore, and Data Retention
Managing versions, updates, and licenses
SCAP compliance
Live Licensing
Setting Up a Sonar Query
Enabling FIPS mode
Using the command console
Troubleshooting
Running the Windows uninstaller
Running the Linux uninstaller
Configuring maximum performance in an enterprise environment
Define your goals
Ensuring complete coverage
Planning your Scan Engine Deployment
Setting up the application and getting started
Planning for Capacity Requirements
Bulk asset delete operations
Using a proxy server

Integrations

Amazon Web Services (AWS)
Amazon Web Services FAQs

Resources

Resources
RESTful API
Finding out what features your license supports
Application encryption types
Linking assets across sites
Using regular expressions
Using Exploit Exposure
Performing configuration assessment
Nexpose Physical Appliance
Virtual Appliance Guide
Patching Appliances for Meltdown/Spectre
Recurring vulnerability coverage

Release Notes

Command Platform Release Notes

Support

Investigate false positives
Contact the Rapid7 Support Team
Share an idea with Rapid7
Finding out what features your license supports

End-of-life Announcements

Microsoft Defender BYOL integration End-of-Life announcement
BeyondTrust (Previously Liberman) Privileged Identity End-of-Life announcement
Manage Engine Service Desk legacy integration End-of-Life announcement
Thycotic legacy integration End-of-Life announcement
Internet Explorer 11 browser support end-of-life announcement
Legacy data warehouse and report database export End-of-Life announcement
Amazon Web Services (AWS) legacy discovery connection End-of-Life announcement
NSX Manager End-of-Life announcement
Legacy CyberArk ruby gem End-of-Life announcement
ServiceNow ruby gem End-of-Life announcement
Legacy Imperva integration End-of-Life announcement
Cisco FireSight (previously Sourcefire) ruby gem integration End-of-Life announcement
Microsoft System Center Configuration Manager (SCCM) ruby gem integration End-of-Life announcement
TLS 1.0 and 1.1 support for Insight solutions End-of-Life announcement

Get Started

Welcome to Nexpose
Quick Start Guide
- System Requirements
- Download
Tour the Home Page
- Changes to the Security Console Administration page
Service start, stop, and status controls
Nexpose glossary of terms

Sites

What is a site?
Creating your first site
Site creation use cases
Create and edit sites
Giving users access to a site
Adding assets to sites
Best practices for adding assets
Deleting sites
Site Detail View

Scan Engines

Scan Engines
Distributed Scan Engines
Post-Installation Engine-to-Console Pairing
External Scanning Service
Scan Engine Pools
Containerized Scan Engine
AWS Scan Engines
Azure Scan Engines
Scan Engine Communication Methods
Scan Engine Data Collection - Rules and Details

Scan Assistant

Using the Scan Assistant

Scan Templates

Selecting a scan template
Scan template best practices
Scanning with multiple templates
Scan templates appendix
Authenticated Discovery Scans

Scan Credentials

Configuring scan credentials
Maximizing security with credentials
Configuring site-specific scan credentials
Managing shared scan credentials
Creating and Managing CyberArk Credentials
Kerberos Credentials for Authenticated Scans
Using SSH public key authentication
Elevating permissions
Database scanning credential requirements
Using LM/NTLM hash authentication
Authentication on Windows: best practices
Authentication on Unix and related targets: best practices
Using PowerShell with your scans

Alerts and Schedules

Setting up scan alerts
Schedule a scan
Schedule scan blackouts
Export your Calendar

Dynamic Discovery

Managing dynamic discovery of assets
Discovering mobile devices
Discovering Amazon Web Services instances
Discovering Microsoft Azure instances
Discovering Virtual Machines Managed by VMware vCenter or ESX/ESXi
Discovering Assets through DHCP Log Queries
Discovering Assets managed by McAfee ePolicy Orchestrator
Discovering vulnerability data collected by McAfee Data Exchange Layer (DXL)
Discovering Assets managed by Active Directory
Creating and managing Dynamic Discovery connections
Initiating Dynamic Discovery
Using filters to refine Dynamic Discovery
Monitoring Dynamic Discovery
Configuring a site using a Dynamic Discovery connection

Other Scanning Resources

Working with Project Sonar
Importing AppSpider scan data
Running a manual scan
Understanding different scan engine statuses and states
Viewing scan results and scan logs
Scan threads and port statuses
Stopping all in-progress scans
Automating security actions in changing environments
Enabling Remote Registry Activation
Working with Containers
Configuring scan authentication on target Web applications
- Creating a logon for Web site form authentication
- Creating a logon for Web site session authentication with HTTP headers
Measuring scan performance and time
Scanning a load balancer
Using the Metasploit Remote Check Service

Assess

Assess
Locating and working with assets
Fingerprint certainty
Applying RealContext with tags
Working with vulnerabilities
Vulnerability metrics explained
Vulnerability exceptions
Policy Manager
Policy rule overrides
Scanning for specific vulnerabilities

Act

Working with asset groups
Performing filtered asset searches
Creating a dynamic or static asset group from asset searches

Reports

Working with reports
Report templates and sections
Creating a basic report
Viewing, editing, and running reports
Working with risk trends in reports
For ASVs: Consolidating three report templates into one custom template
Distributing, sharing, and exporting reports
Configuring data warehousing settings
Configuring custom report templates
Understanding report content
Working with report formats
Report start times and durations
Upload externally created report templates signed by Rapid7

SQL Query Export

Creating reports based on SQL queries
Understanding the reporting data model: Overview and query design
Understanding the reporting data model: Facts
Understanding the reporting data model: Dimensions
Understanding the reporting data model: Functions
SQL Query Export examples

Tune

Tune
Working with scan templates and tuning scan performance
Configuring custom scan templates
Configuring asset discovery
Configuring service discovery
Selecting vulnerability checks
Selecting Policy Manager checks
Configuring verification of standard policies
Configuring scans of various types of servers
Configuring File Searches on Target Systems
Using other tuning options
Managing certificates for scanning
Creating a custom policy
Uploading custom SCAP policies
Risk Strategies
Adjusting risk with criticality
Sending custom fingerprints to paired Scan Engines
Scan property tuning options for specific use cases

Users and Authentication

Managing users and authentication
Setting password policies
Two factor authentication
LDAP authentication
Kerberos authentication
Configure SSO authentication
Remove an authentication source from Nexpose
How to reset a password

Manage

Managing the Security Console
Configure HTTPS Options
Security Console best practices
PostgreSQL Database Migration Guide
Planning a deployment
Database Backup, Restore, and Data Retention
Managing versions, updates, and licenses
SCAP compliance
Live Licensing
Setting Up a Sonar Query
Enabling FIPS mode
Using the command console
Troubleshooting
Running the Windows uninstaller
Running the Linux uninstaller
Configuring maximum performance in an enterprise environment
Define your goals
Ensuring complete coverage
Planning your Scan Engine Deployment
Setting up the application and getting started
Planning for Capacity Requirements
Bulk asset delete operations
Using a proxy server

Integrations

Amazon Web Services (AWS)
Amazon Web Services FAQs

Resources

Resources
RESTful API
Finding out what features your license supports
Application encryption types
Linking assets across sites
Using regular expressions
Using Exploit Exposure
Performing configuration assessment
Nexpose Physical Appliance
Virtual Appliance Guide
Patching Appliances for Meltdown/Spectre
Recurring vulnerability coverage

Release Notes

Command Platform Release Notes

Support

Investigate false positives
Contact the Rapid7 Support Team
Share an idea with Rapid7
Finding out what features your license supports

End-of-life Announcements

Microsoft Defender BYOL integration End-of-Life announcement
BeyondTrust (Previously Liberman) Privileged Identity End-of-Life announcement
Manage Engine Service Desk legacy integration End-of-Life announcement
Thycotic legacy integration End-of-Life announcement
Internet Explorer 11 browser support end-of-life announcement
Legacy data warehouse and report database export End-of-Life announcement
Amazon Web Services (AWS) legacy discovery connection End-of-Life announcement
NSX Manager End-of-Life announcement
Legacy CyberArk ruby gem End-of-Life announcement
ServiceNow ruby gem End-of-Life announcement
Legacy Imperva integration End-of-Life announcement
Cisco FireSight (previously Sourcefire) ruby gem integration End-of-Life announcement
Microsoft System Center Configuration Manager (SCCM) ruby gem integration End-of-Life announcement
TLS 1.0 and 1.1 support for Insight solutions End-of-Life announcement

Setting password policies

Setting user password policies for criteria such as size, complexity, or expiration is a security best practice that makes it difficult for would-be attackers to brute-force or guess passwords. Your organization may also mandate this practice as a security control.

If you are a Global Administrator, you can create a password policy by taking the following steps:

On the Administration page, click Users > Password Policy.
Enter a unique name in the name textbox to help you identify the policy.
Select values for the following password attributes as desired:
- Days to Expire
- Minimum Length
- Maximum Length
- Special Characters
- Numbers
- Capital Letters
Click Save Password Policy.

If you set a expiration window, the expiration date and time appears in the Users table, which you can see by selecting Manage users link for Users on the Administration page.

Did this page help you?