Adding a Rapid7 NeXpose Scanner API Site Import

 

API imports enable JSA to import ad hoc report data for vulnerabilities on your sites from Rapid7 NeXpose scanners. The site data the scan schedule imports depends on the site name.

Before you add this scanner, a server certificate is required to support HTTPS connections. JSA supports certificates with the following file extensions: .crt, .cert, or .der. To copy a certificate to the /opt/qradar/conf/trusted_certificates directory, choose one of the following options:

  • Manually copy the certificate to the /opt/qradar/conf/trusted_certificates directory by using SCP or SFTP.

  • SSH into the Console or managed host and retrieve the certificate by using the following command: /opt/qradar/bin/getcert.sh <IP or Hostname> <optional port - 443 default>. A certificate is then downloaded from the specified host name or IP address and placed into the /opt/qradar/conf/trusted_certificates directory in the appropriate format.

  1. Click Admin > System Configuration.
  2. Click the VA Scanners icon, and then click Add.
  3. Type a Scanner Name to identify your Rapid7 NeXpose scanner.
  4. Select the Managed Host from your JSA deployment that manages the scanner import.
  5. Select Rapid7 Nexpose Scanner from the Type list.
  6. From the Import Type list, select Import Site Data - Local File.
    • Import Site Data - Asset and Vulnerability data via SQL API - Default and suggested option for importing results.

    • Import Site Data - Adhoc Report via API

  7. In the Remote Hostname field, type the IP address or host name of the Rapid7 NeXpose scanner.
  8. In the Login Username field, type the user name that is used to access the Rapid7 NeXpose scanner. The login must be a valid user. The user name can be obtained from the Rapid7 NeXpose user interface or from the Rapid7 NeXpose administrator.
  9. In the Login Password field, type the password to access the Rapid7 NeXpose scanner.
  10. In the Port field, type the port that is used to connect to the Rapid7 NeXpose Security Console. This is the same port that is used to connect to the Rapid7 NeXpose user interface.
  11. In the Site Name Pattern field, type the regular expression (regex) that determines which Rapid7 NeXpose sites to include in the scan. All sites that match the pattern are included when the scan schedule starts. The default regular expression is .*, which imports all site names.
  12. In the Cache Timeout (Minutes) field, type the length of time the data from the last generated scan report is stored in the cache.

    If the cache timeout limit expires, new vulnerability data is requested from the API when the scheduled scan starts.

  13. Enter the path to the local directory to store downloaded XML reports.
  14. To configure a CIDR range for the scanner, complete the following steps:
    1. In the text field, type the CIDR range for the scan or click Browse to select a CIDR range from the network list.

    2. Click Add.

  15. Click Save.
  16. On the Admin tab, click Deploy Changes.
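
To preview which sites a Site Name Pattern (step 11) would pull in before the scan schedule runs, the following added example, which is not part of JSA or the Rapid7 product, evaluates a pattern against a list of site names. The site names are constructed and the function name is hypothetical; because this page does not state whether the pattern must match the whole site name, both readings are reported, using Python's re module, whose syntax may differ from the regex engine JSA uses.

```python
import re

# Constructed sample site names; in practice, list the sites defined on the scanner.
SAMPLE_SITES = ["DMZ-Web", "DMZ-Mail", "Corp-DMZ-Legacy", "PCI-Cardholder", "Lab"]


def preview_site_pattern(pattern, site_names):
    """Return which site names a Site Name Pattern would select.

    Assumption: whole-name versus partial matching is not documented on
    this page, so the result lists the selection under both readings.
    """
    try:
        rx = re.compile(pattern)
    except re.error as exc:
        # A pattern that does not compile selects nothing here.
        return {"valid": False, "error": str(exc), "full": [], "partial": [],
                "ambiguous": [], "imports_everything": False}
    full = [s for s in site_names if rx.fullmatch(s)]
    partial = [s for s in site_names if rx.search(s)]
    return {
        "valid": True,
        "error": None,
        "full": full,
        "partial": partial,
        # Sites selected only under the partial-match reading. Anchor the
        # pattern (for example ^DMZ-.*$) so both readings agree.
        "ambiguous": [s for s in partial if s not in full],
        # True when the pattern behaves like the default .* on this list.
        "imports_everything": bool(site_names) and len(full) == len(site_names),
    }


if __name__ == "__main__":
    for pat in [".*", "DMZ-.*", "^DMZ-.*$", "PCI", "DMZ-("]:
        result = preview_site_pattern(pat, SAMPLE_SITES)
        print(f"{pat!r}: valid={result['valid']} full={result['full']} "
              f"ambiguous={result['ambiguous']}")
```

An empty "ambiguous" list means the pattern selects the same sites whichever way the matching is applied, which is the property to aim for when the import must be limited to specific sites.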

You are now ready to create a scan schedule. See Scheduling a Vulnerability Scan.