About the connector

Rapid7 Nexpose is a vulnerability assessment tool that aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting, and mitigation. It integrates with Rapid7's Metasploit for vulnerability exploitation.

This document provides information about the Rapid7 Nexpose connector, which facilitates automated interactions with a Rapid7 Nexpose server using FortiSOAR™ playbooks. Add the Rapid7 Nexpose connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving information about assets, sites, scans, and vulnerabilities, and starting a scan on a specific site.

Version information

Connector Version: 1.3.0

FortiSOAR™ Version Tested on: 5.1.0-464

Authored By: Fortinet

Certified: Yes

Release Notes for version 1.3.0

The following enhancements have been made to the Rapid7 Nexpose connector in version 1.3.0:

  • Added a new operation and playbooks named 'Tag Asset'.

Installing the connector

From FortiSOAR™ 5.0.0 onwards, use the Connector Store to install the connector. For the detailed procedure to install a connector, click here.
You can also use the yum command to install connectors. Connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and run the yum command as a root user to install connectors:

yum install cyops-connector-rapid7-nexpose

Prerequisites to configuring the connector

  • You must have the URL of the Rapid7 Nexpose server to which you will connect and perform the automated operations, and the credentials (username-password pair) to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
  • Users who use this connector and run actions on Rapid7 Nexpose must be assigned, at a minimum, access to "Manage Sites" under "Global Permissions".

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Rapid7 Nexpose connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details: 

| Parameter | Description |
|---|---|
| Server URL | IP address or hostname URL of the Rapid7 Nexpose server to which you will connect and perform the automated operations. |
| Port | Port number used to access the Rapid7 Nexpose server. |
| Username | Username that has administrative privileges on the Rapid7 Nexpose server. |
| Password | Password to access the Rapid7 Nexpose server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

| Function | Description | Annotation | Category |
|---|---|---|---|
| Get Asset(s) | Retrieves information about all assets or specific asset(s) (based on the filter criteria you have specified) from Rapid7 Nexpose. | get_asset | Investigation |
| Get Asset Tags | Retrieves a list of tags associated with a specific asset from Rapid7 Nexpose based on the asset ID you have specified. | get_asset_tags | Investigation |
| Get Assets Associated with Tag | Retrieves a list of assets associated with a specific tag from Rapid7 Nexpose based on the tag ID you have specified. | get_asset | Investigation |
| Get Tags | Retrieves details about all tags or specific tags from Rapid7 Nexpose based on the filter criteria you have specified. | get_tags | Investigation |
| Get Softwares on Asset | Retrieves a list of all installed software on a specific asset from Rapid7 Nexpose based on the asset ID you have specified. | get_software | Investigation |
| Get Asset Vulnerability | Retrieves information about vulnerabilities that are associated with a particular asset from Rapid7 Nexpose, based on the asset ID you have specified. | get_vulnerabilities | Investigation |
| Get Vulnerability | Retrieves information about all vulnerabilities or a specific vulnerability (based on the vulnerability ID you have specified) from Rapid7 Nexpose. | get_vulnerabilities | Investigation |
| Get Exploits | Retrieves a list of all known exploits from Rapid7 Nexpose based on the filter criteria you have specified. | get_exploits | Investigation |
| Get Exploit Details | Retrieves details about a specific exploit from Rapid7 Nexpose based on the exploit ID you have specified. | get_exploit_details | Investigation |
| Get Exploitable Vulnerabilities | Retrieves information about the exploitable vulnerabilities associated with a specific exploit from Rapid7 Nexpose based on the exploit ID you have specified. | get_exploitable_vulnerabilities | Investigation |
| Get Asset Groups | Retrieves information about all asset groups or specific group(s) (based on the filter criteria you have specified) from Rapid7 Nexpose. | get_asset_groups | Investigation |
| Get Scan | Retrieves information about all scans or a specific scan (based on the scan ID you have specified) from Rapid7 Nexpose. | get_scan | Investigation |
| Get Scan Engines | Retrieves information about all scan engines or specific scan engine(s) (based on the scan engine ID you have specified) that are available to use for scanning from Rapid7 Nexpose. | get_scan_engines | Investigation |
| Get Scan Templates | Retrieves information about all scan templates or specific scan template(s) (based on the scan template ID you have specified) from Rapid7 Nexpose. | get_scan_templates | Investigation |
| Get Site | Retrieves information about all sites or a specific site (based on the site ID you have specified) from Rapid7 Nexpose. | get_site | Investigation |
| Execute Reference link | Retrieves the records associated with the specified reference link from Rapid7 Nexpose. | get_reference_link | Investigation |
| Launch Site Scan | Starts a scan for a specified site based on the engine ID, template ID and other parameters you have specified. | launch_scan | Investigation |
| Create Tag | Creates a tag or tags in Rapid7 Nexpose based on the tag name and type and other input parameters you have specified. | create_tags | Investigation |
| Get Site Scan Schedule(s) | Retrieves site scan schedule information from Rapid7 Nexpose based on the site ID and schedule you have specified. | get_site_scan_schedule | Investigation |
| Tag Asset | Adds an asset to a tag in Rapid7 Nexpose based on the asset ID and tag ID you have specified. | tag_asset | Investigation |

operation: Get Asset(s)

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Apply Filter Criteria | Logical operator to be applied when searching for assets based on the filter criteria. The following options are available: Any or All. If you select Any, then results are displayed if any of the filter criteria that you have specified are met; if you select All, then results are displayed only if all the filter criteria that you have specified are met. |
| IP Address Operator | Logical operator to be applied when searching for assets based on the IP address value. The following options are available: Is, Is Not, In Range, Not In Range, Like, or Not Like. |
| IP Address | If you specify the IP Address Operator (other than the In Range or Not In Range operator), then you must specify the IP address based on which you want to search for asset(s). |
| From IP Address and To IP Address | Only applicable if you have selected the In Range or Not In Range operator. In From IP Address, specify the from (lower) value of the IP address range you want to use to search for asset(s). In To IP Address, specify the to (higher) value of the IP address range you want to use to search for asset(s). |
| Asset Name Operator | Logical operator to be applied when searching for assets based on the name of the asset. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Empty, Is Not Empty, Like, or Not Like. |
| Asset Name | If you specify the Asset Name Operator, then you must specify the name of the asset based on which you want to search for asset(s). |
| OS Operator | Logical operator to be applied when searching for assets based on the OS. The following options are available: Contains, Not Contains, Is Empty, or Is Not Empty. |
| OS Value | If you specify the OS Operator, then you must specify the OS based on which you want to search for asset(s). |
| Site ID Operator | Logical operator to be applied when searching for assets based on the ID of the site. The following options are available: In, or Not In. |
| Site ID | If you specify the Site ID Operator, then you must specify the ID of the site based on which you want to search for asset(s). |
| Open Port Number Operator | Logical operator to be applied when searching for assets based on the open port number. The following options are available: Is, Is Not, or In Range. |
| Open Port Number | If you specify the Open Port Number Operator (other than the In Range operator), then you must specify the open port number based on which you want to search for asset(s). |
| From Open Port Number and To Open Port Number | Only applicable if you have selected the In Range operator. In From Open Port Number, specify the from (lower) value of the open port number range you want to use to search for asset(s). In To Open Port Number, specify the to (higher) value of the open port number range you want to use to search for asset(s). |
| User-Added Custom Tag Operator | Logical operator to be applied when searching for assets based on a user-added custom tag. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied. |
| User-Added Custom Tag Value | If you specify the User-Added Custom Tag Operator, then you must specify the value of the user-added custom tag based on which you want to search for asset(s). |
| Vulnerability Category Operator | Logical operator to be applied when searching for assets based on a vulnerability category. The following options are available: Is, Is Not, Starts With, Ends With, Contains, or Not Contains. |
| Vulnerability Category | If you specify the Vulnerability Category Operator, then you must specify the value of the vulnerability category based on which you want to search for asset(s). |
| Vulnerability Title Operator | Logical operator to be applied when searching for assets based on a vulnerability title. The following options are available: Is, Is Not, Starts With, Ends With, Contains, or Not Contains. |
| Vulnerability Title | If you specify the Vulnerability Title Operator, then you must specify the value of the vulnerability title based on which you want to search for asset(s). |
| CVE ID Operator | Logical operator to be applied when searching for assets based on the CVE ID. The following options are available: Is, Is Not, Contains, or Not Contains. |
| CVE ID | If you specify the CVE ID Operator, then you must specify the value of the CVE ID based on which you want to search for asset(s). |
| User-Added Tag(Location) Operator | Logical operator to be applied when searching for assets based on a user-added location tag. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied. |
| User-Added Tag(Location) Value | If you specify the User-Added Tag(Location) Operator, then you must specify the value of the user-added location tag based on which you want to search for asset(s). |
| User-Added Criticality Level Operator | Logical operator to be applied when searching for assets based on a user-added criticality level. The following options are available: Very High, High, Medium, Low, Very Low. |
| User-Added Criticality Level Value | If you specify the User-Added Criticality Level Operator, then you must specify the value of the user-added criticality level based on which you want to search for asset(s). |
| User-Added Tag(Owners) Operator | Logical operator to be applied when searching for assets based on a user-added owners tag. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied. |
| User-Added Tag(Owners) Value | If you specify the User-Added Tag(Owners) Operator, then you must specify the value of the user-added owners tag based on which you want to search for asset(s). |
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "services": [
                 {
                     "protocol": "",
                     "port": "",
                     "links": [
                         {
                             "href": "",
                             "rel": ""
                         }
                     ]
                 }
             ],
             "vulnerabilities": {
                 "severe": "",
                 "moderate": "",
                 "total": "",
                 "critical": "",
                 "malwareKits": "",
                 "exploits": ""
             },
             "osFingerprint": {
                 "type": "",
                 "family": "",
                 "version": "",
                 "systemName": "",
                 "vendor": "",
                 "description": "",
                 "id": "",
                 "cpe": {
                     "v2.3": "",
                     "vendor": "",
                     "v2.2": "",
                     "product": "",
                     "version": "",
                     "part": ""
                 },
                 "product": ""
             },
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "assessedForVulnerabilities": "",
             "riskScore": "",
             "id": "",
             "os": "",
             "ip": "",
             "assessedForPolicies": "",
             "mac": "",
             "history": [
                 {
                     "scanId": "",
                     "type": "",
                     "date": "",
                     "version": ""
                 }
             ],
             "rawRiskScore": "",
             "addresses": [
                 {
                     "ip": "",
                     "mac": ""
                 }
             ]
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}
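
Because Records Per Page defaults to 10, a single call may return only part of the result set, and an asset that was never assessed reports no vulnerabilities without being clean. The following added example (not part of the connector or its documentation) merges several Get Asset(s) outputs, uses the `page` block to check that nothing is missing, and ranks assessed assets by their `malwareKits` and `exploits` counts. The function names and sample values are constructed, and it assumes the fields hold numbers or numeric strings where the schema above shows "".

```python
"""Merge and triage 'Get Asset(s)' connector output (added example, constructed data)."""
import math
from typing import Any, Dict, Iterable, List, Tuple


def num(value: Any) -> float:
    """Coerce a field to a finite number; empty or malformed values count as 0."""
    try:
        result = float(value)
    except (TypeError, ValueError):
        return 0.0
    return result if math.isfinite(result) else 0.0


def merge_pages(pages: Iterable[Dict[str, Any]]) -> Tuple[List[Dict[str, Any]], bool]:
    """Merge page outputs and report whether the full result set was collected."""
    assets: Dict[str, Dict[str, Any]] = {}
    seen_pages = set()
    total_pages = total_resources = 0
    for output in pages:
        page = output.get("page") or {}
        seen_pages.add(int(num(page.get("number"))))
        total_pages = max(total_pages, int(num(page.get("totalPages"))))
        total_resources = max(total_resources, int(num(page.get("totalResources"))))
        for asset in output.get("resources") or []:
            assets[str(asset.get("id"))] = asset  # de-duplicate by asset id
    complete = (
        bool(seen_pages)
        and len(seen_pages) >= total_pages
        and len(assets) >= total_resources
    )
    return list(assets.values()), complete


def triage(assets: Iterable[Dict[str, Any]]) -> Tuple[List[Dict[str, Any]], List[str]]:
    """Return (assets with known exploits or malware kits, IPs never assessed)."""
    exposed: List[Dict[str, Any]] = []
    unassessed: List[str] = []
    for asset in assets:
        # Zero counts on an unassessed asset mean "unknown", not "clean".
        if str(asset.get("assessedForVulnerabilities")).lower() != "true":
            unassessed.append(str(asset.get("ip")))
            continue
        counts = asset.get("vulnerabilities") or {}
        row = {
            "id": str(asset.get("id")),
            "ip": str(asset.get("ip")),
            "malwareKits": int(num(counts.get("malwareKits"))),
            "exploits": int(num(counts.get("exploits"))),
            "critical": int(num(counts.get("critical"))),
            "riskScore": num(asset.get("riskScore")),
        }
        if row["malwareKits"] or row["exploits"]:
            exposed.append(row)
    exposed.sort(
        key=lambda r: (r["malwareKits"], r["exploits"], r["critical"], r["riskScore"]),
        reverse=True,
    )
    return exposed, unassessed


# Constructed sample outputs (two pages of two records each, three assets in total).
PAGE_0 = {
    "resources": [
        {"id": 11, "ip": "192.0.2.10", "assessedForVulnerabilities": True,
         "riskScore": 8120.5,
         "vulnerabilities": {"critical": 4, "exploits": 3, "malwareKits": 0}},
        {"id": 12, "ip": "192.0.2.11", "assessedForVulnerabilities": False,
         "riskScore": 0,
         "vulnerabilities": {"critical": 0, "exploits": 0, "malwareKits": 0}},
    ],
    "page": {"number": 0, "size": 2, "totalPages": 2, "totalResources": 3},
}
PAGE_1 = {
    "resources": [
        {"id": 13, "ip": "192.0.2.12", "assessedForVulnerabilities": "true",
         "riskScore": "2310.0",
         "vulnerabilities": {"critical": "1", "exploits": "1", "malwareKits": "2"}},
    ],
    "page": {"number": 1, "size": 2, "totalPages": 2, "totalResources": 3},
}

if __name__ == "__main__":
    merged, complete = merge_pages([PAGE_0, PAGE_1])
    if not complete:
        raise SystemExit("result set incomplete: fetch the remaining pages first")
    exposed, unassessed = triage(merged)
    for row in exposed:
        print(row)
    print("never assessed:", unassessed)
```
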

operation: Get Asset Tags

Input parameters

| Parameter | Description |
|---|---|
| Asset ID | Identifier of the asset whose associated list of tags you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "source": "",
             "created": "",
             "id": "",
             "color": "",
             "name": "",
             "sources": [
                 {
                     "source": "",
                     "id": "",
                     "links": [
                         {
                             "href": "",
                             "id": "",
                             "rel": ""
                         }
                     ]
                 }
             ],
             "type": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ]
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Assets Associated with Tag

Input parameters

| Parameter | Description |
|---|---|
| Tag ID | Identifier of the tag whose associated list of assets you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "sources": [],
             "id": ""
         }
     ],
     "links": [
         {
             "href": "",
             "id": "",
             "rel": ""
         }
     ]
}

operation: Get Tags

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Tag Name | Name of the tag whose details you want to retrieve from Rapid7 Nexpose. |
| Tag Type | Type of the tag whose details you want to retrieve from Rapid7 Nexpose. |
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | (Optional) Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "source": "",
             "created": "",
             "id": "",
             "color": "",
             "name": "",
             "type": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ]
         }
     ],
     "page": {
         "totalPages": "",
         "totalResources": "",
         "size": "",
         "number": ""
     },
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Softwares on Asset

Input parameters

| Parameter | Description |
|---|---|
| Asset ID | Identifier of the asset for which you want to retrieve the list of installed software. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "configurations": [
                 {
                     "name": "",
                     "value": ""
                 }
             ],
             "cpe": {
                 "edition": "",
                 "other": "",
                 "swEdition": "",
                 "vendor": "",
                 "product": "",
                 "language": "",
                 "update": "",
                 "version": "",
                 "v2.2": "",
                 "targetSW": "",
                 "v2.3": "",
                 "targetHW": "",
                 "part": ""
             }
         }
     ],
     "type": "",
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "family": "",
     "vendor": "",
     "description": "",
     "id": "",
     "version": "",
     "product": ""
}

operation: Get Asset Vulnerability

Input parameters

| Parameter | Description |
|---|---|
| Asset ID | ID of an asset whose associated vulnerabilities information you want to retrieve from Rapid7 Nexpose. |
| Detailed Reports | (Optional) Select this option if you require detailed reports. By default, this option is set to True. |
| Page Number | (Optional) Page number from which you want to retrieve records. |
| Records Per Page | (Optional) Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "resources": [
         {
             "categories": [],
             "id": "",
             "denialOfService": "",
             "severityScore": "",
             "cvss": {
                 "links": [
                     {
                         "href": "",
                         "rel": ""
                     }
                 ],
                 "v2": {
                     "exploitScore": "",
                     "availabilityImpact": "",
                     "integrityImpact": "",
                     "vector": "",
                     "authentication": "",
                     "accessComplexity": "",
                     "confidentialityImpact": "",
                     "score": "",
                     "impactScore": "",
                     "accessVector": ""
                 }
             },
             "severity": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "pci": {
                 "fail": "",
                 "adjustedSeverityScore": "",
                 "adjustedCVSSScore": "",
                 "status": ""
             },
             "exploits": "",
             "added": "",
             "title": "",
             "malwareKits": "",
             "riskScore": "",
             "description": {
                 "text": "",
                 "html": ""
             },
             "modified": "",
             "published": ""
         }
     ],
     "page": {
         "size": "",
         "totalPages": "",
         "number": "",
         "totalResources": ""
     }
}

operation: Get Vulnerability

Input parameters

| Parameter | Description |
|---|---|
| Vulnerability ID | ID of a vulnerability whose information you want to retrieve from Rapid7 Nexpose. |
| Page Number | (Optional) Page number from which you want to retrieve records. |
| Records Per Page | (Optional) Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "severity": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "added": "",
             "categories": [],
             "description": {
                 "text": "",
                 "html": ""
             },
             "modified": "",
             "id": "",
             "title": "",
             "exploits": "",
             "riskScore": "",
             "published": "",
             "denialOfService": "",
             "malwareKits": "",
             "cvss": {
                 "v2": {
                     "vector": "",
                     "authentication": "",
                     "score": "",
                     "integrityImpact": "",
                     "exploitScore": "",
                     "availabilityImpact": "",
                     "impactScore": "",
                     "accessComplexity": "",
                     "accessVector": "",
                     "confidentialityImpact": ""
                 },
                 "links": [
                     {
                         "href": "",
                         "rel": ""
                     }
                 ]
             },
             "severityScore": "",
             "pci": {
                 "status": "",
                 "fail": "",
                 "adjustedSeverityScore": "",
                 "adjustedCVSSScore": ""
             }
         }
     ]
}

operation: Get Exploits

Input parameters

| Parameter | Description |
|---|---|
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "title": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "source": {
                 "link": {
                     "href": "",
                     "rel": "",
                     "id": ""
                 },
                 "name": "",
                 "key": ""
             },
             "id": "",
             "skillLevel": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}

operation: Get Exploit Details

Input parameters

| Parameter | Description |
|---|---|
| Exploit ID | Identifier of the exploit whose details you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "title": "",
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "source": {
         "link": {
             "href": "",
             "rel": "",
             "id": ""
         },
         "name": "",
         "key": ""
     },
     "id": "",
     "skillLevel": ""
}

operation: Get Exploitable Vulnerabilities

Input parameters

| Parameter | Description |
|---|---|
| Exploit ID | Identifier of the exploit whose associated exploitable vulnerabilities you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         ""
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Asset Groups

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Group Type | Type of asset group whose information you want to retrieve from Rapid7 Nexpose. |
| Group Name | Search pattern for the name of the asset group whose information you want to retrieve from Rapid7 Nexpose. Note: Searches in Rapid7 Nexpose are "case-insensitive contains". |
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "vulnerabilities": {
                 "moderate": "",
                 "total": "",
                 "critical": "",
                 "severe": ""
             },
             "type": "",
             "name": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "assets": "",
             "description": "",
             "searchCriteria": {
                 "match": "",
                 "filters": [
                     {
                         "operator": "",
                         "field": "",
                         "value": ""
                     }
                 ]
             },
             "riskScore": "",
             "id": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}

operation: Get Scan

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Scan ID | ID of a scan whose information you want to retrieve from Rapid7 Nexpose. |
| Show Active Scan Reports | Select this option if you want to include only active scan reports. By default, this option is set to False. |
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "status": "",
             "assets": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "scanType": "",
             "siteId": "",
             "engineName": "",
             "endTime": "",
             "id": "",
             "vulnerabilities": {
                 "moderate": "",
                 "total": "",
                 "critical": "",
                 "severe": ""
             },
             "startTime": "",
             "scanName": "",
             "engineId": "",
             "siteName": "",
             "duration": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}

operation: Get Scan Engines

Input parameters

| Parameter | Description |
|---|---|
| Scan Engine ID | (Optional) Identifier of the scan engine whose information you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "name": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "port": "",
             "lastUpdatedDate": "",
             "productVersion": "",
             "address": "",
             "contentVersion": "",
             "id": "",
             "sites": []
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Scan Templates

Input parameters

| Parameter | Description |
|---|---|
| Scan Template ID | (Optional) Identifier of the scan template whose information you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "vulnerabilityEnabled": "",
             "policyEnabled": "",
             "telnet": {},
             "maxParallelAssets": "",
             "web": {
                 "userAgent": "",
                 "dontScanMultiUseDevices": "",
                 "patterns": {
                     "sensitiveField": ""
                 },
                 "testXssInSingleScan": "",
                 "includeQueryStrings": "",
                 "performance": {
                     "maximumTime": "",
                     "maximumRetries": "",
                     "maximumPages": "",
                     "httpDaemonsToSkip": [],
                     "maximumForeignHosts": "",
                     "responseTimeout": "",
                     "threadsPerServer": "",
                     "maximumDirectoryLevels": "",
                     "maximumLinkDepth": ""
                 },
                 "testCommonUsernamesAndPasswords": "",
                 "paths": {
                     "honorRobotDirectives": ""
                 }
             },
             "maxScanProcesses": "",
             "description": "",
             "enableWindowsServices": "",
             "id": "",
             "checks": {
                 "individual": {
                     "enabled": [],
                     "disabled": []
                 },
                 "types": {
                     "enabled": [],
                     "disabled": []
                 },
                 "potential": "",
                 "correlate": "",
                 "categories": {
                     "enabled": [],
                     "disabled": []
                 },
                 "unsafe": ""
             },
             "policy": {
                 "storeSCAP": "",
                 "recursiveWindowsFSSearch": ""
             },
             "name": "",
             "enhancedLogging": "",
             "discoveryOnly": "",
             "discovery": {
                 "service": {
                     "serviceNameFile": "",
                     "udp": {
                         "ports": ""
                     },
                     "tcp": {
                         "ports": "",
                         "method": ""
                     }
                 },
                 "asset": {
                     "treatTcpResetAsAsset": "",
                     "sendIcmpPings": "",
                     "collectWhoisInformation": "",
                     "fingerprintMinimumCertainty": "",
                     "ipFingerprintingEnabled": "",
                     "sendArpPings": "",
                     "fingerprintRetries": ""
                 },
                 "performance": {
                     "retryLimit": "",
                     "scanDelay": {
                         "minimum": "",
                         "maximum": ""
                     },
                     "timeout": {
                         "minimum": "",
                         "maximum": "",
                         "initial": ""
                     },
                     "packetRate": {
                         "minimum": "",
                         "defeatRateLimit": "",
                         "maximum": ""
                     },
                     "parallelism": {
                         "minimum": "",
                         "maximum": ""
                     }
                 }
             },
             "database": {
                 "oracle": []
             },
             "webEnabled": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Site

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Site ID | ID of a site whose information you want to retrieve from Rapid7 Nexpose. |
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "vulnerabilities": {
                 "moderate": "",
                 "total": "",
                 "critical": "",
                 "severe": ""
             },
             "type": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "importance": "",
             "assets": "",
             "description": "",
             "name": "",
             "id": "",
             "scanTemplate": "",
             "lastScanTime": "",
             "riskScore": "",
             "scanEngine": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}

operation: Execute Reference link

Input parameters

| Parameter | Description |
|---|---|
| Reference Link | Reference link (href) based on which you want to retrieve the record from Rapid7 Nexpose. |

Output

The output contains a non-dictionary value.

operation: Launch Site Scan

Input parameters

| Parameter | Description |
|---|---|
| Site ID | Identifier of the site for which you want to start the scan. |
| Engine ID | Identifier of the scan engine to be used for scanning. |
| Template ID | Identifier of the scan template to be used for scanning. |
| Asset Group IDs | (Optional) Identifiers of asset groups to be included as a part of the scan. Only asset groups that are assigned to the site can be specified for a scan. This value should be an array of integers representing the unique identifiers of the asset groups. |
| Hosts | (Optional) Hosts to be included as a part of the scan. You can specify hosts as a mixture of IP addresses and hostnames as a String array. |
| Scan Name | (Optional) User-specified scan name for the scan that you want to start on the specified site. |

Output

The output contains the following populated JSON schema:
{
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "id": ""
}
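Because Launch Site Scan accepts free-form Hosts and Asset Group IDs, a playbook can validate them before the step runs. The following is an added example, not part of the connector or the Fortinet documentation: the approved networks, domain suffix, and template ID are constructed, and the result is keyed by the display names from the table above because the connector's internal field names are not shown on this page.

```python
import ipaddress
import re

# Assumption: scope approved for automated scanning (constructed values).
APPROVED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),
    ipaddress.ip_network("192.0.2.0/24"),
]
APPROVED_DOMAIN_SUFFIXES = (".corp.example",)

# RFC 1123 style hostname: dot-separated labels, no leading/trailing hyphen.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def classify_host(host):
    """Return ('ip' | 'hostname', normalized value) or raise ValueError."""
    host = host.strip()
    try:
        return "ip", str(ipaddress.ip_address(host))
    except ValueError:
        pass
    # Digits and dots that did not parse as an address are malformed IPs,
    # not hostnames (for example "10.20.1").
    if re.fullmatch(r"[0-9.]+", host) or not _HOSTNAME_RE.match(host):
        raise ValueError("not a valid IP address or hostname")
    return "hostname", host.lower()


def check_hosts(hosts):
    """Split hosts into (accepted, rejected) against the approved scope."""
    accepted, rejected = [], []
    for raw in hosts:
        if not isinstance(raw, str):
            rejected.append((raw, "not a string"))
            continue
        try:
            kind, value = classify_host(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if kind == "ip":
            addr = ipaddress.ip_address(value)
            in_scope = any(addr in net for net in APPROVED_NETWORKS)
        else:
            in_scope = value.endswith(APPROVED_DOMAIN_SUFFIXES)
        if in_scope:
            accepted.append(value)
        else:
            rejected.append((raw, "outside approved scan scope"))
    return accepted, rejected


def normalize_group_ids(ids):
    """Asset Group IDs must be an array of integers; reject anything else."""
    result = []
    for item in ids:
        is_int = isinstance(item, int) and not isinstance(item, bool)
        is_digits = isinstance(item, str) and re.fullmatch(r"[0-9]+", item.strip())
        if not (is_int or is_digits):
            raise ValueError("asset group ID is not an integer: %r" % (item,))
        result.append(int(item))
    return result


def build_launch_scan_params(site_id, engine_id, template_id,
                             hosts=(), asset_group_ids=(), scan_name=None):
    """Build the step input; fail closed if any host is out of scope."""
    accepted, rejected = check_hosts(hosts)
    if rejected:
        raise ValueError("refusing to launch scan, rejected hosts: %r" % rejected)
    params = {"Site ID": site_id, "Engine ID": engine_id, "Template ID": template_id}
    if accepted:
        params["Hosts"] = accepted
    group_ids = normalize_group_ids(asset_group_ids)
    if group_ids:
        params["Asset Group IDs"] = group_ids
    if scan_name:
        params["Scan Name"] = scan_name
    return params


if __name__ == "__main__":
    print(build_launch_scan_params(
        3, 2, "constructed-template-id",
        hosts=["192.0.2.10", "DB01.corp.example"],
        asset_group_ids=["7", 9], scan_name="weekly"))
```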

operation: Create Tag

Input parameters

| Parameter | Description |
|---|---|
| Tag Name | Name of the tag that you want to create in Rapid7 Nexpose. |
| Tag Type | Type of the tag that you want to create in Rapid7 Nexpose. |
| Color | (Optional) Color that is to be used to render the tag on the user interface. |
| Risk Modifier | (Optional) Amount of risk adjustment that should be made for an asset tagged with this tag. |
| Created | (Optional) Date and time when the tag is created in Rapid7 Nexpose. |
| Other Fields | (Optional) Other fields in the JSON format that you want to add while creating the tag in Rapid7 Nexpose. For example, add a Search criterion that can be used to determine the dynamic membership field or a Links field. |

Output

The output contains the following populated JSON schema:
{
     "id": "",
     "links": [
         {
             "rel": "",
             "href": ""
         }
     ]
}

operation: Get Site Scan Schedule(s)

Input parameters

| Parameter | Description |
|---|---|
| Site ID | ID of a site whose scan schedules and information you want to retrieve from Rapid7 Nexpose. |
| Schedule Id | ID of a schedule whose associated scan sites schedules and information you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "enabled": "",
             "repeat": {
                 "interval": "",
                 "lastDayOfMonth": "",
                 "dayOfWeek": "",
                 "every": "",
                 "weekOfMonth": ""
             },
             "id": "",
             "nextRuntimes": [
                 ""
             ],
             "scanEngineId": "",
             "scanTemplateId": "",
             "assets": {
                 "excludedTargets": {
                     "links": [
                         {
                             "rel": "",
                             "href": ""
                         }
                     ],
                     "addresses": [
                         ""
                     ]
                 },
                 "excludedAssetGroups": {
                     "assetGroupIDs": [
                         ""
                     ],
                     "links": [
                         {
                             "rel": "",
                             "href": ""
                         }
                     ]
                 },
                 "includedAssetGroups": {
                     "assetGroupIDs": [
                         ""
                     ],
                     "links": [
                         {
                             "rel": "",
                             "href": ""
                         }
                     ]
                 },
                 "includedTargets": {
                     "links": [
                         {
                             "rel": "",
                             "href": ""
                         }
                     ],
                     "addresses": [
                         ""
                     ]
                 }
             },
             "scanName": "",
             "onScanRepeat": "",
             "start": "",
             "duration": "",
             "links": [
                 {
                     "rel": "",
                     "href": ""
                 }
             ]
         }
     ],
     "links": [
         {
             "rel": "",
             "href": ""
         }
     ]
}

operation: Tag Asset

Input parameters

| Parameter | Description |
|---|---|
| Tag ID | ID of the tag to which you want to add the specified asset in Rapid7 Nexpose. |
| Asset ID | ID of the asset that you want to add to the specified tag in Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "links": [
         {
             "rel": "",
             "href": ""
         }
     ]
}

Included playbooks

The Sample - Rapid7 Nexpose - 1.3.0 playbook collection comes bundled with the Rapid7 Nexpose connector. These playbooks contain steps using which you can perform all supported actions. You can see bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Rapid7 Nexpose connector.

  • Create Tag
  • Execute Reference Link
  • Get Asset Groups
  • Get Asset(s)
  • Get Asset Associate with Tag
  • Get Assets Tags
  • Get Asset Vulnerability
  • Get Exploitable Vulnerabilities
  • Get Exploit Details
  • Get Exploits
  • Get Scan
  • Get Scan Engines
  • Get Scan Templates
  • Get Site
  • Get Site Scan Schedule(s)
  • Get Softwares on Asset
  • Get Tags
  • Get Vulnerability
  • Launch Site Scan
  • Tag Asset

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™, on the Connectors page, click the Rapid7 Nexpose connector row (if you are in the Grid view on the Connectors page) and in the Configurations tab enter the required configuration details: 

| Parameter | Description |
|---|---|
| Server URL | IP address or Hostname URL of the Rapid7 Nexpose server to which you will connect and perform the automated operations. |
| Port | Port number used to access the Rapid7 Nexpose server. |
| Username | Username that has administrative privileges on the Rapid7 Nexpose server. |
| Password | Password to access the Rapid7 Nexpose server. |
| Verify SSL | Specifies whether the SSL certificate for the server is to be verified or not. By default, this option is set as True. |

Actions supported by the connector

The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 and onwards:

| Function | Description | Annotation | Category |
|---|---|---|---|
| Get Asset(s) | Retrieves information about all assets or specific asset(s) (based on the filter criteria you have specified) from Rapid7 Nexpose. | get_asset | Investigation |
| Get Asset Tags | Retrieves a list of tags associated with a specific asset from Rapid7 Nexpose based on the asset ID you have specified. | get_asset_tags | Investigation |
| Get Assets Associated with Tag | Retrieves a list of assets associated with a specific tag from Rapid7 Nexpose based on the tag ID you have specified. | get_asset | Investigation |
| Get Tags | Retrieves details about all tags or specific tags from Rapid7 Nexpose based on the filter criteria you have specified. | get_tags | Investigation |
| Get Softwares on Asset | Retrieves a list of all installed software on a specific asset from Rapid7 Nexpose based on the asset ID you have specified. | get_software | Investigation |
| Get Asset Vulnerability | Retrieves information about vulnerabilities that are associated with a particular asset from Rapid7 Nexpose, based on the asset ID you have specified. | get_vulnerabilities | Investigation |
| Get Vulnerability | Retrieves information about all vulnerabilities or a specific vulnerability (based on the vulnerability ID you have specified) from Rapid7 Nexpose. | get_vulnerabilities | Investigation |
| Get Exploits | Retrieves a list of all known exploits from Rapid7 Nexpose based on the filter criteria you have specified. | get_exploits | Investigation |
| Get Exploit Details | Retrieves details about a specific exploit from Rapid7 Nexpose based on the exploit ID you have specified. | get_exploit_details | Investigation |
| Get Exploitable Vulnerabilities | Retrieves information about the exploitable vulnerabilities associated with a specific exploit from Rapid7 Nexpose based on the exploit ID you have specified. | get_exploitable_vulnerabilities | Investigation |
| Get Asset Groups | Retrieves information about all asset groups or specific group(s) (based on the filter criteria you have specified) from Rapid7 Nexpose. | get_asset_groups | Investigation |
| Get Scan | Retrieves information about all scans or a specific scan (based on the scan ID you have specified) from Rapid7 Nexpose. | get_scan | Investigation |
| Get Scan Engines | Retrieves information about all scan engines or specific scan engine(s) (based on the scan engine ID you have specified) that are available to use for scanning from Rapid7 Nexpose. | get_scan_engines | Investigation |
| Get Scan Templates | Retrieves information about all scan templates or specific scan template(s) (based on the scan template ID you have specified) from Rapid7 Nexpose. | get_scan_templates | Investigation |
| Get Site | Retrieves information about all sites or a specific site (based on the site ID you have specified) from Rapid7 Nexpose. | get_site | Investigation |
| Execute Reference link | Retrieves the records associated with the specified reference link from Rapid7 Nexpose. | get_reference_link | Investigation |
| Launch Site Scan | Starts a scan for a specified site based on the engine ID, template ID and other parameters you have specified. | launch_scan | Investigation |
| Create Tag | Creates a tag or tags in Rapid7 Nexpose based on the tag name and type and other input parameters you have specified. | create_tags | Investigation |
| Get Site Scan Schedule(s) | Retrieves site scan schedule information from Rapid7 Nexpose based on the site ID and schedule you have specified. | get_site_scan_schedule | Investigation |
| Tag Asset | Adds an asset to a tag in Rapid7 Nexpose based on the asset ID and tag ID you have specified. | tag_asset | Investigation |

operation: Get Asset(s)

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Apply Filter Criteria | Logical operator to be applied when searching for assets based on the filter criteria. The following options are available: Any or All. If you select Any, results are displayed if any of the filter criteria that you have specified is met; if you select All, results are displayed only if all the filter criteria that you have specified are met. |
| IP Address Operator | Logical operator to be applied when searching for assets based on the IP address value. The following options are available: Is, Is Not, In Range, Not In Range, Like, or Not Like. |
| IP Address | If you specify the IP Address Operator (other than the In Range or Not In Range operator), then you must specify the IP address based on which you want to search for asset(s). |
| From IP Address and To IP Address | Only applicable if you have selected the In Range or Not In Range operator. From IP Address: specify the from (lower) value of the IP address range you want to use to search for the asset(s). To IP Address: specify the to (higher) value of the IP address range you want to use to search for the asset(s). |
| Asset Name Operator | Logical operator to be applied when searching for assets based on the name of the asset. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Empty, Is Not Empty, Like, or Not Like. |
| Asset Name | If you specify the Asset Name Operator, then you must specify the name of the asset based on which you want to search for asset(s). |
| OS Operator | Logical operator to be applied when searching for assets based on the OS. The following options are available: Contains, Not Contains, Is Empty, or Is Not Empty. |
| OS Value | If you specify the OS Operator, then you must specify the OS based on which you want to search for asset(s). |
| Site ID Operator | Logical operator to be applied when searching for assets based on the ID of the site. The following options are available: In, or Not In. |
| Site ID | If you specify the Site ID Operator, then you must specify the ID of the site based on which you want to search for asset(s). |
| Open Port Number Operator | Logical operator to be applied when searching for assets based on the open port number. The following options are available: Is, Is Not, or In Range. |
| Open Port Number | If you specify the Open Port Number Operator (other than the In Range operator), then you must specify the open port number based on which you want to search for asset(s). |
| From Open Port Number and To Open Port Number | Only applicable if you have selected the In Range operator. From Open Port Number: specify the from (lower) value of the open port number range you want to use to search for the asset(s). To Open Port Number: specify the to (higher) value of the open port number range you want to use to search for the asset(s). |
| User-Added Custom Tag Operator | Logical operator to be applied when searching for assets based on a user-added custom tag. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied. |
| User-Added Custom Tag Value | If you specify the User-Added Custom Tag Operator, then you must specify the value of the user-added custom tag based on which you want to search for asset(s). |
| Vulnerability Category Operator | Logical operator to be applied when searching for assets based on a vulnerability category. The following options are available: Is, Is Not, Starts With, Ends With, Contains, or Not Contains. |
| Vulnerability Category | If you specify the Vulnerability Category Operator, then you must specify the value of the vulnerability category based on which you want to search for asset(s). |
| Vulnerability Title Operator | Logical operator to be applied when searching for assets based on a vulnerability title. The following options are available: Is, Is Not, Starts With, Ends With, Contains, or Not Contains. |
| Vulnerability Title | If you specify the Vulnerability Title Operator, then you must specify the value of the vulnerability title based on which you want to search for asset(s). |
| CVE ID Operator | Logical operator to be applied when searching for assets based on the CVE ID. The following options are available: Is, Is Not, Contains, or Not Contains. |
| CVE ID | If you specify the CVE ID Operator, then you must specify the value of the CVE ID based on which you want to search for asset(s). |
| User-Added Tag(Location) Operator | Logical operator to be applied when searching for assets based on a user-added location tag. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied. |
| User-Added Tag(Location) Value | If you specify the User-Added Tag(Location) Operator, then you must specify the value of the user-added location tag based on which you want to search for asset(s). |
| User-Added Criticality Level Operator | Logical operator to be applied when searching for assets based on a user-added criticality level. The following options are available: Very High, High, Medium, Low, Very Low. |
| User-Added Criticality Level Value | If you specify the User-Added Criticality Level Operator, then you must specify the value of the user-added criticality level based on which you want to search for asset(s). |
| User-Added Tag(Owners) Operator | Logical operator to be applied when searching for assets based on a user-added owners tag. The following options are available: Is, Is Not, Starts With, Ends With, Contains, Not Contains, Is Applied, or Is Not Applied. |
| User-Added Tag(Owners) Value | If you specify the User-Added Tag(Owners) Operator, then you must specify the value of the user-added owners tag based on which you want to search for asset(s). |
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "services": [
                 {
                     "protocol": "",
                     "port": "",
                     "links": [
                         {
                             "href": "",
                             "rel": ""
                         }
                     ]
                 }
             ],
             "vulnerabilities": {
                 "severe": "",
                 "moderate": "",
                 "total": "",
                 "critical": "",
                 "malwareKits": "",
                 "exploits": ""
             },
             "osFingerprint": {
                 "type": "",
                 "family": "",
                 "version": "",
                 "systemName": "",
                 "vendor": "",
                 "description": "",
                 "id": "",
                 "cpe": {
                     "v2.3": "",
                     "vendor": "",
                     "v2.2": "",
                     "product": "",
                     "version": "",
                     "part": ""
                 },
                 "product": ""
             },
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "assessedForVulnerabilities": "",
             "riskScore": "",
             "id": "",
             "os": "",
             "ip": "",
             "assessedForPolicies": "",
             "mac": "",
             "history": [
                 {
                     "scanId": "",
                     "type": "",
                     "date": "",
                     "version": ""
                 }
             ],
             "rawRiskScore": "",
             "addresses": [
                 {
                     "ip": "",
                     "mac": ""
                 }
             ]
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}
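With Records Per Page defaulting to 10, a playbook that reads only `resources` can silently miss most assets. The following added example (not part of the connector or the Fortinet documentation) ranks one Get Asset(s) result for triage and uses the `page` block to report truncation. The sample response is constructed, and the code assumes numeric fields may arrive as numbers, numeric strings, or empty strings.

```python
# Constructed sample shaped like the Get Asset(s) output schema above.
# Values are invented for illustration; real responses carry more fields.
SAMPLE_RESPONSE = {
    "resources": [
        {"id": 11, "ip": "10.0.0.5", "os": "Ubuntu Linux 18.04",
         "riskScore": 1234.5, "assessedForVulnerabilities": True,
         "vulnerabilities": {"critical": 2, "severe": 7, "moderate": 1,
                             "total": 10, "exploits": 3, "malwareKits": 0}},
        {"id": 12, "ip": "10.0.0.9", "os": "Microsoft Windows Server 2016",
         "riskScore": "8800.0", "assessedForVulnerabilities": True,
         "vulnerabilities": {"critical": 5, "severe": 20, "moderate": 4,
                             "total": 29, "exploits": 9, "malwareKits": 1}},
        {"id": 13, "ip": "10.0.0.20", "os": "", "riskScore": "",
         "assessedForVulnerabilities": False, "vulnerabilities": {}},
    ],
    "page": {"number": 0, "size": 3, "totalPages": 9, "totalResources": 27},
}


def _num(value, default=0.0):
    """Coerce a schema value to float; '' and None fall back to default."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return default


def summarize_assets(response):
    """Rank assessed assets and report what this single page did not cover."""
    ranked, unassessed = [], []
    resources = response.get("resources") or []
    for asset in resources:
        # An asset never assessed has no findings yet: that is a coverage
        # gap to follow up on, not a clean result.
        if not asset.get("assessedForVulnerabilities"):
            unassessed.append(asset.get("id"))
            continue
        vulns = asset.get("vulnerabilities") or {}
        ranked.append({
            "id": asset.get("id"),
            "ip": asset.get("ip"),
            "malwareKits": _num(vulns.get("malwareKits")),
            "exploits": _num(vulns.get("exploits")),
            "critical": _num(vulns.get("critical")),
            "riskScore": _num(asset.get("riskScore")),
        })
    # Known malware kits and exploits outrank raw counts and risk score.
    ranked.sort(
        key=lambda r: (r["malwareKits"], r["exploits"], r["critical"], r["riskScore"]),
        reverse=True,
    )
    page = response.get("page") or {}
    total_pages = int(_num(page.get("totalPages"), 1))
    total_resources = int(_num(page.get("totalResources"), len(resources)))
    return {
        "ranked": ranked,
        "unassessed": unassessed,
        "truncated": total_pages > 1,
        "not_in_this_page": max(total_resources - len(resources), 0),
    }


if __name__ == "__main__":
    summary = summarize_assets(SAMPLE_RESPONSE)
    for row in summary["ranked"]:
        print(row)
    if summary["truncated"]:
        print("warning: %d assets are on other pages" % summary["not_in_this_page"])
```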

operation: Get Asset Tags

Input parameters

| Parameter | Description |
|---|---|
| Asset ID | Identifier of the asset whose associated list of tags you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "source": "",
             "created": "",
             "id": "",
             "color": "",
             "name": "",
             "sources": [
                 {
                     "source": "",
                     "id": "",
                     "links": [
                         {
                             "href": "",
                             "id": "",
                             "rel": ""
                         }
                     ]
                 }
             ],
             "type": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ]
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Assets Associated with Tag

Input parameters

| Parameter | Description |
|---|---|
| Tag ID | Identifier of the tag whose associated list of assets you want to retrieve from Rapid7 Nexpose. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "sources": [],
             "id": ""
         }
     ],
     "links": [
         {
             "href": "",
             "id": "",
             "rel": ""
         }
     ]
}

operation: Get Tags

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

| Parameter | Description |
|---|---|
| Tag Name | Name of the tag whose details you want to retrieve from Rapid7 Nexpose. |
| Tag Type | Type of the tag whose details you want to retrieve from Rapid7 Nexpose. |
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | (Optional) Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "source": "",
             "created": "",
             "id": "",
             "color": "",
             "name": "",
             "type": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ]
         }
     ],
     "page": {
         "totalPages": "",
         "totalResources": "",
         "size": "",
         "number": ""
     },
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Softwares on Asset

Input parameters

| Parameter | Description |
|---|---|
| Asset ID | Identifier of the asset for which you want to retrieve the list of installed software. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "configurations": [
                 {
                     "name": "",
                     "value": ""
                 }
             ],
             "cpe": {
                 "edition": "",
                 "other": "",
                 "swEdition": "",
                 "vendor": "",
                 "product": "",
                 "language": "",
                 "update": "",
                 "version": "",
                 "v2.2": "",
                 "targetSW": "",
                 "v2.3": "",
                 "targetHW": "",
                 "part": ""
             }
         }
     ],
     "type": "",
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "family": "",
     "vendor": "",
     "description": "",
     "id": "",
     "version": "",
     "product": ""
}

operation: Get Asset Vulnerability

Input parameters

| Parameter | Description |
|---|---|
| Asset ID | ID of an asset whose associated vulnerabilities information you want to retrieve from Rapid7 Nexpose. |
| Detailed Reports | (Optional) Select this option if you require detailed reports. By default, this option is set to True. |
| Page Number | (Optional) Page number from which you want to retrieve records. |
| Records Per Page | (Optional) Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "resources": [
         {
             "categories": [],
             "id": "",
             "denialOfService": "",
             "severityScore": "",
             "cvss": {
                 "links": [
                     {
                         "href": "",
                         "rel": ""
                     }
                 ],
                 "v2": {
                     "exploitScore": "",
                     "availabilityImpact": "",
                     "integrityImpact": "",
                     "vector": "",
                     "authentication": "",
                     "accessComplexity": "",
                     "confidentialityImpact": "",
                     "score": "",
                     "impactScore": "",
                     "accessVector": ""
                 }
             },
             "severity": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "pci": {
                 "fail": "",
                 "adjustedSeverityScore": "",
                 "adjustedCVSSScore": "",
                 "status": ""
             },
             "exploits": "",
             "added": "",
             "title": "",
             "malwareKits": "",
             "riskScore": "",
             "description": {
                 "text": "",
                 "html": ""
             },
             "modified": "",
             "published": ""
         }
     ],
     "page": {
         "size": "",
         "totalPages": "",
         "number": "",
         "totalResources": ""
     }
}

operation: Get Vulnerability

Input parameters

| Parameter | Description |
|---|---|
| Vulnerability ID | ID of a vulnerability whose information you want to retrieve from Rapid7 Nexpose. |
| Page Number | (Optional) Page number from which you want to retrieve records. |
| Records Per Page | (Optional) Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "severity": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "added": "",
             "categories": [],
             "description": {
                 "text": "",
                 "html": ""
             },
             "modified": "",
             "id": "",
             "title": "",
             "exploits": "",
             "riskScore": "",
             "published": "",
             "denialOfService": "",
             "malwareKits": "",
             "cvss": {
                 "v2": {
                     "vector": "",
                     "authentication": "",
                     "score": "",
                     "integrityImpact": "",
                     "exploitScore": "",
                     "availabilityImpact": "",
                     "impactScore": "",
                     "accessComplexity": "",
                     "accessVector": "",
                     "confidentialityImpact": ""
                 },
                 "links": [
                     {
                         "href": "",
                         "rel": ""
                     }
                 ]
             },
             "severityScore": "",
             "pci": {
                 "status": "",
                 "fail": "",
                 "adjustedSeverityScore": "",
                 "adjustedCVSSScore": ""
             }
         }
     ]
}

operation: Get Exploits

Input parameters

| Parameter | Description |
|---|---|
| Page Number | Page number from which you want to retrieve records. |
| Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10. |

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "title": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "source": {
                 "link": {
                     "href": "",
                     "rel": "",
                     "id": ""
                 },
                 "name": "",
                 "key": ""
             },
             "id": "",
             "skillLevel": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}

operation: Get Exploit Details

Input parameters

Parameter | Description
Exploit ID | Identifier of the exploit whose details you want to retrieve from Rapid7 Nexpose.

Output

The output contains the following populated JSON schema:
{
     "title": "",
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "source": {
         "link": {
             "href": "",
             "rel": "",
             "id": ""
         },
         "name": "",
         "key": ""
     },
     "id": "",
     "skillLevel": ""
}

operation: Get Exploitable Vulnerabilities

Input parameters

Parameter | Description
Exploit ID | Identifier of the exploit whose associated exploitable vulnerabilities you want to retrieve from Rapid7 Nexpose.

Output

The output contains the following populated JSON schema:
{
     "resources": [
         ""
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Asset Groups

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter | Description
Group Type | Type of asset group whose information you want to retrieve from Rapid7 Nexpose.
Group Name | Search pattern for the name of the asset group whose information you want to retrieve from Rapid7 Nexpose. Note: Searches in Rapid7 Nexpose are "case-insensitive contains".
Page Number | Page number from which you want to retrieve records.
Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10.

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "vulnerabilities": {
                 "moderate": "",
                 "total": "",
                 "critical": "",
                 "severe": ""
             },
             "type": "",
             "name": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "assets": "",
             "description": "",
             "searchCriteria": {
                 "match": "",
                 "filters": [
                     {
                         "operator": "",
                         "field": "",
                         "value": ""
                     }
                 ]
             },
             "riskScore": "",
             "id": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}

operation: Get Scan

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter | Description
Scan ID | ID of a scan whose information you want to retrieve from Rapid7 Nexpose.
Show Active Scan Reports | Select this option if you want to include only active scan reports. By default, this option is set to False.
Page Number | Page number from which you want to retrieve records.
Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10.

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "status": "",
             "assets": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "scanType": "",
             "siteId": "",
             "engineName": "",
             "endTime": "",
             "id": "",
             "vulnerabilities": {
                 "moderate": "",
                 "total": "",
                 "critical": "",
                 "severe": ""
             },
             "startTime": "",
             "scanName": "",
             "engineId": "",
             "siteName": "",
             "duration": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}

operation: Get Scan Engines

Input parameters

Parameter | Description
Scan Engine ID | (Optional) Identifier of the scan engine whose information you want to retrieve from Rapid7 Nexpose.

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "name": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "port": "",
             "lastUpdatedDate": "",
             "productVersion": "",
             "address": "",
             "contentVersion": "",
             "id": "",
             "sites": []
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Scan Templates

Input parameters

Parameter | Description
Scan Template ID | (Optional) Identifier of the scan template whose information you want to retrieve from Rapid7 Nexpose.

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "vulnerabilityEnabled": "",
             "policyEnabled": "",
             "telnet": {},
             "maxParallelAssets": "",
             "web": {
                 "userAgent": "",
                 "dontScanMultiUseDevices": "",
                 "patterns": {
                     "sensitiveField": ""
                 },
                 "testXssInSingleScan": "",
                 "includeQueryStrings": "",
                 "performance": {
                     "maximumTime": "",
                     "maximumRetries": "",
                     "maximumPages": "",
                     "httpDaemonsToSkip": [],
                     "maximumForeignHosts": "",
                     "responseTimeout": "",
                     "threadsPerServer": "",
                     "maximumDirectoryLevels": "",
                     "maximumLinkDepth": ""
                 },
                 "testCommonUsernamesAndPasswords": "",
                 "paths": {
                     "honorRobotDirectives": ""
                 }
             },
             "maxScanProcesses": "",
             "description": "",
             "enableWindowsServices": "",
             "id": "",
             "checks": {
                 "individual": {
                     "enabled": [],
                     "disabled": []
                 },
                 "types": {
                     "enabled": [],
                     "disabled": []
                 },
                 "potential": "",
                 "correlate": "",
                 "categories": {
                     "enabled": [],
                     "disabled": []
                 },
                 "unsafe": ""
             },
             "policy": {
                 "storeSCAP": "",
                 "recursiveWindowsFSSearch": ""
             },
             "name": "",
             "enhancedLogging": "",
             "discoveryOnly": "",
             "discovery": {
                 "service": {
                     "serviceNameFile": "",
                     "udp": {
                         "ports": ""
                     },
                     "tcp": {
                         "ports": "",
                         "method": ""
                     }
                 },
                 "asset": {
                     "treatTcpResetAsAsset": "",
                     "sendIcmpPings": "",
                     "collectWhoisInformation": "",
                     "fingerprintMinimumCertainty": "",
                     "ipFingerprintingEnabled": "",
                     "sendArpPings": "",
                     "fingerprintRetries": ""
                 },
                 "performance": {
                     "retryLimit": "",
                     "scanDelay": {
                         "minimum": "",
                         "maximum": ""
                     },
                     "timeout": {
                         "minimum": "",
                         "maximum": "",
                         "initial": ""
                     },
                     "packetRate": {
                         "minimum": "",
                         "defeatRateLimit": "",
                         "maximum": ""
                     },
                     "parallelism": {
                         "minimum": "",
                         "maximum": ""
                     }
                 }
             },
             "database": {
                 "oracle": []
             },
             "webEnabled": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ]
}

operation: Get Site

Input parameters

Note: All the input parameters are optional. However, if you do not specify any parameter, then no filter criterion is applied, and an unfiltered list is returned.

Parameter | Description
Site ID | ID of a site whose information you want to retrieve from Rapid7 Nexpose.
Page Number | Page number from which you want to retrieve records.
Records Per Page | Maximum number of results that this operation should return. By default, this is set to 10.

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "vulnerabilities": {
                 "moderate": "",
                 "total": "",
                 "critical": "",
                 "severe": ""
             },
             "type": "",
             "links": [
                 {
                     "href": "",
                     "rel": ""
                 }
             ],
             "importance": "",
             "assets": "",
             "description": "",
             "name": "",
             "id": "",
             "scanTemplate": "",
             "lastScanTime": "",
             "riskScore": "",
             "scanEngine": ""
         }
     ],
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "page": {
         "totalResources": "",
         "number": "",
         "totalPages": "",
         "size": ""
     }
}
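
Get Exploits, Get Asset Groups, Get Scan and Get Site all take Page Number and Records Per Page and return the same page object, so a caller that reads only the first page sees at most 10 records by default. The following added example (not the connector's own code) walks every page and checks the collected count against totalResources; fetch_page is a hypothetical stand-in for one run of the operation, and a first page number of 0 is an assumption.

```python
def fetch_all(fetch_page, page_size=10, first_page=0, max_pages=1000):
    """Collect 'resources' from every page reported by the 'page' object.

    fetch_page(number, size) is a hypothetical callable standing in for one
    run of a paginated operation; it must return the operation's output dict.
    """
    resources = []
    number = first_page
    for _ in range(max_pages):
        result = fetch_page(number, page_size)
        resources.extend(result.get("resources", []))
        page = result.get("page") or {}
        total_pages = int(page.get("totalPages") or 0)
        if number - first_page + 1 >= total_pages:
            break  # last page reached, or the server reported no pages
        number += 1
    else:
        # Bound the walk so an inconsistent totalPages cannot loop forever.
        raise RuntimeError("page limit reached before the last page")
    # A short result set would silently understate what the scanner knows.
    total = int(page.get("totalResources") or len(resources))
    if len(resources) != total:
        raise RuntimeError(f"expected {total} records, collected {len(resources)}")
    return resources


# Constructed sample data shaped like the Get Site output (five sites).
SAMPLE_SITES = [{"id": i, "name": f"site-{i}"} for i in range(1, 6)]


def sample_fetch(number, size):
    """Constructed fetcher that serves SAMPLE_SITES one page at a time."""
    start = number * size
    return {
        "resources": SAMPLE_SITES[start:start + size],
        "page": {"number": number, "size": size,
                 "totalResources": len(SAMPLE_SITES),
                 "totalPages": -(-len(SAMPLE_SITES) // size)},
    }


if __name__ == "__main__":
    sites = fetch_all(sample_fetch, page_size=2)
    print([site["id"] for site in sites])
```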

operation: Execute Reference link

Input parameters

Parameter | Description
Reference Link | Reference link (href) based on which you want to retrieve the record from Rapid7 Nexpose.

Output

The output contains a non-dictionary value.

operation: Launch Site Scan

Input parameters

Parameter | Description
Site ID | Identifier of the site for which you want to start the scan.
Engine ID | Identifier of the scan engine to be used for scanning.
Template ID | Identifier of the scan template to be used for scanning.
Asset Group IDs | (Optional) Identifiers of asset groups to be included as a part of the scan. Only asset groups that are assigned to the site can be specified for a scan. This value should be an array of integers representing the unique identifiers of the asset groups.
Hosts | (Optional) Hosts to be included as a part of the scan. You can specify hosts as a mixture of IP addresses and hostnames as a String array.
Scan Name | (Optional) User-specified scan name for the scan that you want to start on the specified site.

Output

The output contains the following populated JSON schema:
{
     "links": [
         {
             "href": "",
             "rel": ""
         }
     ],
     "id": ""
}
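
The input rules for Launch Site Scan (Asset Group IDs as an array of integers, Hosts as a string array mixing IP addresses and hostnames) can be checked before the step runs, so a malformed target list fails in the playbook instead of at the scanner. This is an added example, not the connector's own code; the function names and dictionary keys are hypothetical.

```python
import ipaddress
import re

# One RFC 1123 hostname label: letters, digits, hyphens, no edge hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_host(value):
    """Return 'ip' or 'hostname'; raise ValueError for anything else."""
    if not isinstance(value, str):
        raise ValueError(f"host must be a string: {value!r}")
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        pass
    labels = value[:-1].split(".") if value.endswith(".") else value.split(".")
    # All-numeric names such as "10.0.0.999" are malformed IPs, not hostnames.
    numeric = all(lab.isdigit() for lab in labels)
    if len(value) <= 253 and not numeric and all(map(_LABEL.fullmatch, labels)):
        return "hostname"
    raise ValueError(f"not an IP address or hostname: {value!r}")


def build_scan_request(site_id, engine_id, template_id,
                       asset_group_ids=None, hosts=None, scan_name=None):
    """Validate Launch Site Scan inputs; the dict keys are hypothetical."""
    for name, value in (("Site ID", site_id), ("Engine ID", engine_id),
                        ("Template ID", template_id)):
        if value is None or value == "":
            raise ValueError(f"{name} is required")
    request = {"site_id": site_id, "engine_id": engine_id,
               "template_id": template_id}
    if asset_group_ids is not None:
        if not isinstance(asset_group_ids, list):
            raise ValueError("Asset Group IDs must be an array")
        for gid in asset_group_ids:
            # bool is a subclass of int in Python, so exclude it explicitly.
            if isinstance(gid, bool) or not isinstance(gid, int):
                raise ValueError(f"asset group ID is not an integer: {gid!r}")
        request["asset_group_ids"] = list(dict.fromkeys(asset_group_ids))
    if hosts is not None:
        # A bare string would otherwise be iterated character by character.
        if not isinstance(hosts, list):
            raise ValueError("Hosts must be an array of strings")
        for host in hosts:
            classify_host(host)
        request["hosts"] = list(hosts)
    if scan_name:
        request["scan_name"] = scan_name
    return request
```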

operation: Create Tag

Input parameters

Parameter | Description
Tag Name | Name of the tag that you want to create in Rapid7 Nexpose.
Tag Type | Type of the tag that you want to create in Rapid7 Nexpose.
Color | (Optional) Color that is to be used to render the tag on the user interface.
Risk Modifier | (Optional) Amount of risk adjustment that should be made for an asset tagged with this tag.
Created | (Optional) Date and time when the tag is created in Rapid7 Nexpose.
Other Fields | (Optional) Other fields in the JSON format that you want to add while creating the tag in Rapid7 Nexpose. For example, add a Search criterion that can be used to determine the dynamic membership field or a Links field.

Output

The output contains the following populated JSON schema:
{
     "id": "",
     "links": [
         {
             "rel": "",
             "href": ""
         }
     ]
}

operation: Get Site Scan Schedule(s)

Input parameters

Parameter | Description
Site ID | ID of a site whose scan schedules and information you want to retrieve from Rapid7 Nexpose.
Schedule Id | ID of a schedule whose associated site scan schedules and information you want to retrieve from Rapid7 Nexpose.

Output

The output contains the following populated JSON schema:
{
     "resources": [
         {
             "enabled": "",
             "repeat": {
                 "interval": "",
                 "lastDayOfMonth": "",
                 "dayOfWeek": "",
                 "every": "",
                 "weekOfMonth": ""
             },
             "id": "",
             "nextRuntimes": [
                 ""
             ],
             "scanEngineId": "",
             "scanTemplateId": "",
             "assets": {
                 "excludedTargets": {
                     "links": [
                         {
                             "rel": "",
                             "href": ""
                         }
                     ],
                     "addresses": [
                         ""
                     ]
                 },
                 "excludedAssetGroups": {
                     "assetGroupIDs": [
                         ""
                     ],
                     "links": [
                         {
                             "rel": "",
                             "href": ""
                         }
                     ]
                 },
                 "includedAssetGroups": {
                     "assetGroupIDs": [
                         ""
                     ],
                     "links": [
                         {
                             "rel": "",
                             "href": ""
                         }
                     ]
                 },
                 "includedTargets": {
                     "links": [
                         {
                             "rel": "",
                             "href": ""
                         }
                     ],
                     "addresses": [
                         ""
                     ]
                 }
             },
             "scanName": "",
             "onScanRepeat": "",
             "start": "",
             "duration": "",
             "links": [
                 {
                     "rel": "",
                     "href": ""
                 }
             ]
         }
     ],
     "links": [
         {
             "rel": "",
             "href": ""
         }
     ]
}

operation: Tag Asset

Input parameters

Parameter | Description
Tag ID | ID of the tag to which you want to add the specified asset in Rapid7 Nexpose.
Asset ID | ID of the asset that you want to add to the specified tag in Rapid7 Nexpose.

Output

The output contains the following populated JSON schema:
{
     "links": [
         {
             "rel": "",
             "href": ""
         }
     ]
}

Included playbooks

The Sample - Rapid7 Nexpose - 1.3.0 playbook collection comes bundled with the Rapid7 Nexpose connector. These playbooks contain steps that you can use to perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Rapid7 Nexpose connector.

Note: If you plan to use any of the sample playbooks in your environment, clone those playbooks and move them to a different collection, because the sample playbook collection is deleted when the connector is upgraded or deleted.