Fortinet black logo

External Systems Configuration Guide

Rapid7 NeXpose Vulnerability Scanner

Rapid7 NeXpose Vulnerability Scanner

What is Discovered and Monitored

Protocol

Metrics collected

Used for

Rapid7 Nexpose API

Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence

Security Monitoring

Event Types

In ADMIN > Device Support > Event, search for "rapid7" in the Description and Device Type columns to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Rapid7 NeXpose API
  1. Log into the device manger for your vulnerability scanner with administrative credentials.
  2. Go to Administration > General > User Configuration, and create a user that FortiSIEM can use to access the device.
  3. Go to Reports > General > Report Configuration.
  4. Create a report with the Report Format set to Simple XML Report Version 1.0 or NeXpose XML Report Version 2.0.
    FortiSIEM can pull reports only in these formats.

Settings for Access Credentials

Settings for Rapid7 Nexpose API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

SettingValue
Name<set name>
Device TypeRapid7 NeXpose Security Scanner
Access ProtocolRapid7 NeXpose API
Pull Interval (minutes)60
Port3780
User NameA user who can access the device over the API
PasswordThe password associated with the user

Rapid7 NeXpose Vulnerability Scanner

What is Discovered and Monitored

Protocol

Metrics collected

Used for

Rapid7 Nexpose API

Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence

Security Monitoring

Event Types

In ADMIN > Device Support > Event, search for "rapid7" in the Description and Device Type columns to see the event types associated with this device.

Rules

There are no predefined rules for this device.

Reports

There are no predefined reports for this device.

Configuration

Rapid7 NeXpose API
  1. Log into the device manger for your vulnerability scanner with administrative credentials.
  2. Go to Administration > General > User Configuration, and create a user that FortiSIEM can use to access the device.
  3. Go to Reports > General > Report Configuration.
  4. Create a report with the Report Format set to Simple XML Report Version 1.0 or NeXpose XML Report Version 2.0.
    FortiSIEM can pull reports only in these formats.

Settings for Access Credentials

Settings for Rapid7 Nexpose API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

SettingValue
Name<set name>
Device TypeRapid7 NeXpose Security Scanner
Access ProtocolRapid7 NeXpose API
Pull Interval (minutes)60
Port3780
User NameA user who can access the device over the API
PasswordThe password associated with the user