Rapid7 Nexpose Vulnerability Report Setup Guide

Summary: How to set up a vulnerability report in Rapid7 Nexpose.

Rapid7 Nexpose Overview

Rapid7 Nexpose provides vulnerability management software to discover and prioritize vulnerabilities found in your environment. RiskSense supports Nexpose scan results exported as an .XML 2.0 file.

The following guide describes how to set up a named report for the Nexpose connector.

Rapid7 Nexpose Named Report Creation

Navigate to the Reports dashboard and click the blue New button.

Nexpose Vuln Report - New Report Button

Enter a report title in the Name field and select the XML Export 2.0 template (under the Export tab).

Nexpose Vuln Report - XML Export 2.0 Selection

Define the report’s scope and the report generation schedule. The scope can be based on a scan, site, asset, asset group, tag, and/or vulnerability filter.

Nexpose Vuln Report - Select Scan

When choosing the Select Scan in Scope, the Select Site that was Scanned dialog appears. Select the scan for the specific site and click the Select Scan button.

Nexpose Vuln Report - Select the Site that was Scanned Window

After selecting the site, the Select Scan dialog appears. Select the scan to pull and click OK.

Nexpose Vuln Report - Select Scan from List

Optionally, you can choose Select Sites, Assets, Asset Groups, or Tags.

Nexpose Vuln Report - Select Sites Assets Asset Groups or Tags

In the Select Report Scope dialog, select sites, asset groups, assets, or tags from the drop-down menu.

Nexpose Vuln Report - Select Report Scope

Once selected, choose the specific data set. For example, here are the available sites. Once you have selected your data set, click Done.

Nexpose Vuln Report - Select Report Scope - Done Button Location

The final option is Vulnerability filters have been applied.

Nexpose Vuln Report - Vulnerability Filters Have Been Applied - Scope

In the Select Vulnerability Filters dialog, accept the defaults or choose the options for the data set. Once completed, click Done.

Nexpose Vuln Report - Select Vulnerability Filters

In the Frequency dialog, select the report run frequency. If you want RiskSense to pull this report on the connector’s set schedule, select Run a recurring report on a schedule.

Nexpose Vuln Report - Run a Recurring Report After Every Scan

Nexpose Vuln Report - Frequency

Click Save & Run the Report or Save the Report when done.