Rapid7 Nexpose Data Warehouse
Rapid7 Nexpose is an on-premises vulnerability scanner, which allows you to export data to an external data warehouse. You can use the Rapid7 Nexpose Data Warehouse connector to bring host and security data from your data warehouse into Brinqa to construct a unified view of your attack surface and strengthen your cybersecurity posture.
This document details the information you must provide for the connector to authenticate with Rapid7 Nexpose and how to obtain that information from Rapid7. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Rapid7 Nexpose Data Warehouse from the Connector drop-down. If you cannot find the connector in the drop-down, make sure you have installed it first. You must provide the following information to authenticate Rapid7 Nexpose Data Warehouse with Brinqa:
-
Server name: The URL of your PostgreSQL server.
-
Server port: The TCP/IP port of your PostgreSQL server. The server port defaults to 5432.
-
Database name: The name of your Nexpose data warehouse database.
-
User and Password: The login credentials for the PostgreSQL Server. The user must have
readaccess to the database.
Additional settings
The Rapid7 Nexpose Data Warehouse connector contains additional options for specific configuration:
-
Fetch size: Set the number of rows per batch during query processing. The default is 1000.
-
Use SSL: Use a SSL connection to the target database during the data import process. This ensures that all data transmitted from the warehouse is encrypted in transit.
-
Skip certificate verification: Select this option to allow for untrusted certificates.
Types of data to retrieve
The Rapid7 Nexpose Data Warehouse connector can retrieve the following types of data from the data warehouse:
Table 1: Data retrieved from Rapid7 Nexpose
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
The Rapid7 Nexpose Data Warehouse connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from Rapid7 Nexpose Data Warehouse in the Brinqa Platform, see How to view your data.
Attribute mappings
Click the tabs below to view the mappings between the source and the Brinqa data model attributes.
Host
Table 2: Host attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| address.getIpAddress | ipAddresses, privateIpAddresses |
| address.getMacAddress | macAddresses |
| assessed_for_policies | Local variable |
| assessed_for_vulnerabilities | Local variable |
| assetId | uid |
| associatedValues.assetGroups.get | Local variable |
| associatedValues.tags.get | tags |
| categories | categories |
| credential_status | Local variable |
| description | description |
| hostname | hostnames, publicDnsName, privateDnsName |
| instance id | cloudInstanceId |
| last_assessed_for_vulnerabilities | lastSeen, lastScanned |
| name | name |
| os_architecture | Local variable |
| os_cpe | Local variable |
| os_description | os |
| os_family | Local variable |
| os_name | Local variable |
| os_system | Local variable |
| os_type | Local variable |
| os_vendor | Local variable |
| os_version | Local variable |
| publicIpAddress.get | publicIpAddress |
| risk_modifier | Local variable |
| sites | Local variable |
| status | status |
| unique identifiers | Local variable |
Vulnerability
Table 3: Vulnerability attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| asset_id | targets |
| first_found | firstFound |
| host_name | hostnames |
| ip_address | ipAddresses |
| key | Local variable |
| last_found | lastFound |
| nexpose_id | type |
| port | port |
| proof | results |
| protocol | protocol |
| service | Local variable |
| severity | sourceSeverity |
| severityScore | severity |
| status | status, statusCategory |
| uid | uid |
| vulnerability_id | Local variable |
Vulnerability Definition
Table 4: Vulnerability Definition attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| categories | categories |
| cvss_score | cvssV2BaseScore |
| cvss_vector | cvssV2Vector |
| cvss_v3_score | cvssV3BaseScore |
| cvss_v3_vector | cvssV3Vector |
| cvssv2.getAttackComplexity | cvssV2AccessComplexity |
| cvssv2.getAttackVector | cvssV2AttackVector |
| cvssv2.getAuthentication | cvssV2Authentication |
| cvssv2.getAvailability | cvssV2AvailabilityImpact |
| cvssv2.getConfidentiality | cvssV2ConfidentialityImpact |
| cvssv2.getExploitability | cvssV2Exploitability |
| cvssv2.getIntegrity | cvssV2IntegrityImpact |
| cvssv2.getRemediationLevel | cvssV2RemediationLevel |
| cvssv2.getReportConfidence | ccvssV2ReportConfidence |
| cvssv2.getSeverity | cvssV2Severity |
| cvssv3.getAttackComplexity | cvssV3AttackComplexity |
| cvssv3.getAttackVector | cvssV3AttackVector |
| cvssv3.getAvailability | cvssV3AvailabilityImpact |
| cvssv3.getConfidentiality | cvssV3ConfidentialityImpact |
| cvssv3.getExploitability | cvssV3ExploitCodeMaturity |
| cvssv3.getIntegrity | cvssV3IntegrityImpact |
| cvssv3.getPrivilegesRequired | cvssV3PrivilegesRequired |
| cvssv3.getRemediationLevel | cvssV3RemediationLevel |
| cvssv3.getReportConfidence | cvssV3ReportConfidence |
| cvssv3.getSeverity | cvssV3Severity |
| cvssv3.getUserInteraction | cvssV3Ui |
| cves | cveIds, cveRecords |
| date_added | sourceCreatedDate |
| date_modified | sourceLastModified |
| date_published | publishedDate |
| denial_of_service | Local variable |
| description | description |
| exploits | exploits |
| exploit_skill_level | Local variable |
| malwareKits | malware |
| malware_popularity | Local variable |
| pci_severity | Local variable |
| pci_status | Local variable |
| recommendation | recommendation |
| risk_score | Local variable |
| score.getBaseScore | cvssV2BaseScore, cvssV3BaseScore |
| severity | sourceSeverity, severity |
| title | name, summary |
| urls | references |
| uid | uid |
| vulnerability_id | Local variable |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Changelog
The Rapid7 Nexpose Data Warehouse connector has undergone the following changes:
Table 5: Rapid7 Nexpose Data Warehouse connector changelog
| Version | Description |
|---|---|
| 3.3.3 | No change. |
| 3.0.16 | Changed the VULNERABILITY_ID attribute type on the Vulnerability Definition object from string to integer. |
| 3.0.15 | Changed the ASSESSED_FOR_VULNERABILITIES attribute type on the Host object from string to boolean. |
| 3.0.14 | Fixed an issue where the CREDENTIAL_STATUS attribute on the Host object was incorrectly set to the boolean type. |
| 3.0.12 | Fixed an issue where the connector was not pulling in data. |
| 3.0.11 | Updated to fetch azure_vmid as the Instance ID for Azure assets. |
| 3.0.10 | Added a 'fixed' status if the remediation_date is set in the source. |
| 3.0.9 | Added a CATEGORIES attribute in the Vulnerability object to store information about the vulnerability type. |
| 3.0.8 | Enhanced to normalize hostnames retrieved from Rapid7 Nexpose Data Warehouse. |
| 3.0.7 | Segregated local process files to avoid conflicts between multiple syncs. |
| 3.0.0 | Initial Integration+ release. |