Fortinet Document Library


External Systems Configuration Guide

Rapid7 NeXpose Vulnerability Scanner

What is Discovered and Monitored

Protocol: Rapid7 Nexpose API

Metrics collected: Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulnerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence

Used for: Security Monitoring

Event Types

In ADMIN > Device Support > Event, search for "rapid7" in the Description and Device Type columns to see the event types associated with this device. 

Rules

There are no predefined rules for this device. 

Reports

There are no predefined reports for this device. 

Configuration

Rapid7 NeXpose API
  1. Log in to the device manager for your vulnerability scanner with administrative credentials.
  2. Go to Administration > General > User Configuration, and create a user that FortiSIEM can use to access the device.
  3. Go to Reports > General > Report Configuration.
  4. Create a report with the Report Format set to Simple XML Report Version 1.0 or NeXpose XML Report Version 2.0.
    FortiSIEM can pull reports only in these formats.
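
To check that a report created in step 4 carries the fields listed under "Metrics collected", the following added example (not Fortinet or Rapid7 code) joins each vulnerable test in a NeXpose XML Report Version 2.0 export to its vulnerability definition. The element and attribute names are an assumption about that format's layout, and the sample report and the function name extract_findings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element/attribute names are an assumption about the
# NeXpose XML Report Version 2.0 layout; every value is a placeholder.
SAMPLE_REPORT = """<NexposeReport version="2.0">
  <scans><scan id="1" name="weekly-dmz" status="finished"/></scans>
  <nodes><node address="192.0.2.10" status="alive">
    <names><name>web01.example.test</name></names>
    <fingerprints><os certainty="0.90" product="ExampleOS"/></fingerprints>
    <tests>
      <test id="example-vuln-a" status="vulnerable-version" scan-id="1"/>
      <test id="example-vuln-b" status="not-vulnerable" scan-id="1"/>
    </tests>
  </node></nodes>
  <VulnerabilityDefinitions>
    <vulnerability id="example-vuln-a" title="Example outdated package" severity="8" cvssScore="7.5">
      <references>
        <reference source="CVE">CVE-0000-0001</reference>
        <reference source="BID">00001</reference>
      </references>
    </vulnerability>
  </VulnerabilityDefinitions>
</NexposeReport>"""

def extract_findings(xml_text):
    """Return one record per vulnerable test, joined to its definition."""
    # A scanner report has no reason to declare a DTD or entities; refuse them
    # before parsing so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a report")
    root = ET.fromstring(xml_text)
    scans = {s.get("id"): s.get("name") for s in root.iter("scan")}
    defs = {v.get("id", "").lower(): v for v in root.iter("vulnerability")}
    findings = []
    for node in root.iter("node"):
        os_el = node.find("fingerprints/os")
        for test in node.iter("test"):
            if not test.get("status", "").startswith("vulnerable"):
                continue  # skip tests that did not find the host vulnerable
            # Match ids case-insensitively; fall back to an empty definition.
            vdef = defs.get(test.get("id", "").lower(), ET.Element("vulnerability"))
            refs = [(r.get("source"), r.text) for r in vdef.iter("reference")]
            findings.append({
                "scan": scans.get(test.get("scan-id")),
                "host": node.findtext("names/name") or node.get("address"),
                "os": os_el.get("product") if os_el is not None else None,
                "vuln": vdef.get("title", test.get("id")),
                "severity": vdef.get("severity"), "cvss": vdef.get("cvssScore"),
                "cve": [t for s, t in refs if s == "CVE"],
                "bugtraq": [t for s, t in refs if s == "BID"],
            })
    return findings
```

A record with an empty "cve" list or a missing "severity" points to a report template that omits vulnerability definitions, which is worth fixing before FortiSIEM starts pulling it.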
     

Settings for Access Credentials 

Settings for Rapid7 Nexpose API Access Credentials

Set these Access Method Definition values to allow FortiSIEM to communicate with your device.

Setting                   Value
Name                      <set name>
Device Type               Rapid7 NeXpose Security Scanner
Access Protocol           Rapid7 NeXpose API
Pull Interval (minutes)   60
Port                      3780
User Name                 A user who can access the device over the API
Password                  The password associated with the user
