Rapid7 NeXpose Vulnerability Scanner
What is Discovered and Monitored
Protocol |
Metrics collected |
Used for |
---|---|---|
Rapid7 Nexpose API |
Scan name, Scanned Host Name, Host OS, Vulnerability category, Vulnerability name, Vulnerability severity, Vulerability CVE Id and Bugtraq Id, Vulnerability CVSS Score, Vulnerability Consequence |
Security Monitoring |
Event Types
In ADMIN > Device Support > Event, search for "rapid7" in the Description and Device Type columns to see the event types associated with this device.
Rules
There are no predefined rules for this device.
Reports
There are no predefined reports for this device.
Configuration
Rapid7 NeXpose API
- Log into the device manger for your vulnerability scanner with administrative credentials.
- Go to Administration > General > User Configuration, and create a user that FortiSIEM can use to access the device.
- Go to Reports > General > Report Configuration.
- Create a report with the Report Format set to Simple XML Report Version 1.0 or NeXpose XML Report Version 2.0.
FortiSIEM can pull reports only in these formats.
Settings for Access Credentials
Settings for Rapid7 Nexpose API Access Credentials
Set these Access Method Definition values to allow FortiSIEM to communicate with your device.
Setting | Value |
---|---|
Name | <set name> |
Device Type | Rapid7 NeXpose Security Scanner |
Access Protocol | Rapid7 NeXpose API |
Pull Interval (minutes) | 60 |
Port | 3780 |
User Name | A user who can access the device over the API |
Password | The password associated with the user |