Rapid7 Nexpose Vulnerability Report Setup Guide

Summary: How to set up a vulnerability report in Rapid7 Nexpose.

Rapid7 Nexpose Overview

Rapid7 Nexpose provides vulnerability management software to discover and prioritize vulnerabilities found in your environment. RiskSense supports Nexpose scan results exported as an .XML 2.0 file.

The following guide describes how to set up a named report for the Nexpose connector.

Rapid7 Nexpose Named Report Creation

Navigate to the Reports dashboard and click the blue New button.

Enter a report title in the Name field and select the XML Export 2.0 template (under the Export tab).

Define the report’s scope and the report generation schedule. The scope can be based on a scan, site, asset, asset group, tag, and/or vulnerability filter.

When choosing the Select Scan in Scope, the Select Site that was Scanned dialog appears. Select the scan for the specific site and click the Select Scan button.

After selecting the site, the Select Scan dialog appears. Select the scan to pull and click OK.

Optionally, you can choose Select Sites, Assets, Asset Groups, or Tags.

In the Select Report Scope dialog, select sites, asset groups, assets, or tags from the drop-down menu.

Once selected, choose the specific data set. For example, here are the available sites. Once you have selected your data set, click Done.

The final option is Vulnerability filters have been applied.

In the Select Vulnerability Filters dialog, accept the defaults or choose the options for the data set. Once completed, click Done.

In the Frequency dialog, select the report run frequency. If you want RiskSense to pull this report on the connector’s set schedule, select Run a recurring report on a schedule.

Click Save & Run the Report or Save the Report when done.