
Rapid7 Nexpose Data Warehouse
Vulnerability Management- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Rapid7 Nexpose Data Warehouse Connector integrates with the Rapid7 InsightVM / Nexpose Data Warehouse, a PostgreSQL database that Nexpose exports its dimensional reporting data into. The connector connects directly to that PostgreSQL warehouse over JDBC and syncs vulnerability management data into the Brinqa Unified Data Model (UDM).
It synchronizes three models:
- Host — assets known to Nexpose, including operating system, addresses, sites, asset groups, tags and cloud instance identifiers.
- Vulnerability Definition — the catalog of vulnerability definitions, including CVSS v2/v3 metrics, CVE references, exploits, malware kits and remediation guidance.
- Vulnerability — per-asset vulnerability findings (instances), including status, severity, ports/services and remediation/reintroduction dates.
All database access is performed read-only; the connector opens connections with setReadOnly(true) and issues SELECT-only queries.
Data retrieved from Rapid7 Nexpose Data Warehouse
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Vulnerability Definition | Yes | Vulnerability Definition |
| Vulnerability | Yes | Vulnerability |
Model relationships
For detailed steps on how to view the data retrieved from Rapid7 Nexpose Data Warehouse in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Rapid7 Nexpose Data Warehouse from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server name | Yes | localhost | Nexpose data warehouse server name. |
| Server port | Yes | 5432 | TCP/IP port for Postgres server, defaults to 5432. |
| Database name | Yes | — | Nexpose data warehouse database name |
| User | Yes | — | Login for postgres server |
| Password | Yes | — | Password for postgres server |
| Fetch Size | No | 1000 | Sets the number of rows per batch, during query processing. |
| SSL / TLS | No | false | Use SSL |
| SSL / TLS | No | false | Skip certificate verification |
Authentication
This connector does not use a REST/OAuth API. It authenticates directly to the Nexpose Data Warehouse PostgreSQL instance using standard database credentials.
| Mechanism | Detail |
|---|---|
| Method | PostgreSQL username/password (JDBC) |
| Driver | org.postgresql.ds.PGSimpleDataSource |
| Connection mode | Read-only, auto-commit disabled (enables server-side cursor paging via fetch size) |
| Transport security | Optional SSL/TLS; optional non-validating SSL factory in dev mode |
Connection parameters
| Parameter | Source property | Description |
|---|---|---|
| Host | serverName | PostgreSQL server hostname |
| Port | serverPort | PostgreSQL TCP port (default 5432) |
| Database | databaseName | Warehouse database name |
| User | user | PostgreSQL login |
| Password | password | PostgreSQL password (stored as a confidential value) |
| SSL | ssl | Enables TLS for the connection |
Connectivity test
On test/validate, the connector executes a minimal read-only query to confirm credentials and connectivity:
SELECT 1
The latest sync token is derived from the maximum assessment timestamp on the asset dimension:
select max(last_assessed_for_vulnerabilities) from dim_asset
There is no bearer token or session credential; the supplied database username and password are used directly on every connection.
Sync Behavior
The connector supports both full and incremental (delta) syncs.
- On the first run — or any run without a stored sync token — it performs a full download of every model.
- On subsequent runs it uses the previously stored sync token (a timestamp) to fetch only records changed at or after that time (an incremental, or delta, sync).
The sync token is derived from the maximum assessment timestamp on the asset dimension:
select max(last_assessed_for_vulnerabilities) from dim_asset
Each model applies the sync token as follows:
- Host — filters on
dim_asset.last_assessed_for_vulnerabilities >= since. - Vulnerability Definition — filters on
dim_vulnerability.date_modified >= since. - Vulnerability — filters on
asset.last_assessed_for_vulnerabilities >= since.
When no sync token is supplied, the WHERE filter is omitted and the full data set is returned. All queries stream results using a server-side cursor, fetching fetchSize rows per batch.
How to obtain Rapid7 Nexpose Data Warehouse credentials
Obtain the required credentials (serverName, serverPort, databaseName, user, password) from your Rapid7 Nexpose Data Warehouse administrator or the Rapid7 Nexpose Data Warehouse admin console, then enter them in the connection settings above.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Host
| Source Field Name | SDM Attribute |
|---|---|
| composed from OS description, host type and hostname | DESCRIPTION |
| constant active | STATUS |
constant Host plus dim_asset.host_type | CATEGORIES |
| derived: hostname, else cloud instance id, else IP address, else asset_id | NAME |
dim_asset.assessed_for_policies | ASSESSED_FOR_POLICIES |
dim_asset.assessed_for_vulnerabilities | ASSESSED_FOR_VULNERABILITIES |
dim_asset.asset_id | UID |
dim_asset.credential_status | CREDENTIAL_STATUS |
dim_asset.host_name | RAW_HOSTNAME |
dim_asset.host_name when it resolves to a public DNS name | PUBLIC_DNS_NAMES |
dim_asset.host_name when not a public DNS name | PRIVATE_DNS_NAMES |
dim_asset.last_assessed_for_vulnerabilities | LAST_SEEN |
dim_asset.last_assessed_for_vulnerabilities | LAST_SCANNED |
dim_asset.os_architecture | OS_ARCHITECTURE |
dim_asset.os_cpe | OS_CPE |
dim_asset.os_description | OPERATING_SYSTEM |
dim_asset.os_family | OS_FAMILY |
dim_asset.os_name | OS_NAME |
dim_asset.os_system | OS_SYSTEM |
dim_asset.os_type | OS_TYPE |
dim_asset.os_vendor | OS_VENDOR |
dim_asset.os_version | OS_VERSION |
dim_asset.risk_modifier | RISK_MODIFIER |
dim_asset.sites (comma-split) | SITES |
| first non-local IP from dim_asset_address | PUBLIC_IP_ADDRESSES |
| group names from dim_asset_group_asset | ASSET_GROUPS |
| IP addresses from dim_asset_address | IP_ADDRESSES |
| local/private IPs from dim_asset_address | PRIVATE_IP_ADDRESSES |
normalized form of dim_asset.host_name | HOSTNAMES |
| normalized MAC of primary address from dim_asset_address | MAC_ADDRESSES |
| source: uniqueId pairs from dim_asset_unique_id | UNIQUE_IDENTIFIERS |
| tag values from dim_asset_tag | TAGS |
unique id whose source is a cloud provider (AWS, Azure, GCP, OCI) from dim_asset_unique_id | INSTANCE_ID |
Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
dim_vulnerability.cvss_score | CVSS_V2_BASE_SCORE |
dim_vulnerability.cvss_v3_score | CVSS_V3_BASE_SCORE |
dim_vulnerability.cvss_v3_vector | CVSS_V3_VECTOR |
dim_vulnerability.cvss_vector | CVSS_V2_VECTOR |
dim_vulnerability.date_added | SOURCE_CREATED_DATE |
dim_vulnerability.date_modified | SOURCE_LAST_MODIFIED |
dim_vulnerability.date_published | PUBLISHED_DATE |
dim_vulnerability.denial_of_service | DENIAL_OF_SERVICE |
dim_vulnerability.description | DESCRIPTION |
dim_vulnerability.exploit_skill_level | EXPLOIT_SKILL_LEVEL |
dim_vulnerability.malware_popularity | MALWARE_POPULARITY |
dim_vulnerability.nexpose_id | UID |
dim_vulnerability.pci_severity_score | PCI_SEVERITY |
dim_vulnerability.pci_status | PCI_STATUS |
dim_vulnerability.risk_score | SOURCE_RISK_SCORE |
dim_vulnerability.severity_score rescaled to 1–5 | SOURCE_SEVERITY |
dim_vulnerability.title | NAME |
dim_vulnerability.title | SUMMARY |
dim_vulnerability.vulnerability_id | VULNERABILITY_ID |
| dim_vulnerability_category | CATEGORIES |
| dim_vulnerability_cve_reference | CVE_IDS |
| dim_vulnerability_cve_reference | CVE_RECORDS |
| dim_vulnerability_exploit | EXPLOITS |
| dim_vulnerability_malware_kit | MALWARE |
| dim_vulnerability_url_reference | REFERENCES |
| normalized from rescaled severity | SEVERITY |
| parsed from the CVSS v2 vector | CVSS_V2_AV / AC / AU / CI / II / AI / E / RL / RC / SEVERITY |
| parsed from the CVSS v3 vector | CVSS_V3_AV / AC / PR / UI / CI / II / AI / E / RL / RC / SEVERITY |
| solution summary + fix from dim_vulnerability_solution / dim_solution | RECOMMENDATION |
| true when an associated solution type is PATCH | PATCHABLE |
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
asset.last_assessed_for_vulnerabilities | LAST_FOUND |
| asset_id | TARGETS |
| computed: reopened if reintroduced, fixed if remediated, else active | STATUS |
| derived from STATUS | STATUS_CATEGORY |
fdate.date | FIRST_FOUND |
fdate.reintroduced_date | REINTRODUCED_DATE |
| host_name | HOSTNAMES |
htmltotext(inst.proof) | RESULTS |
inst.key | KEY |
inst.port | PORT |
inst.protocol | PROTOCOL |
inst.service | SERVICE |
inst.status (aliased type) | CATEGORIES |
| ip_address | IP_ADDRESSES |
| MD5 of asset_id, nexpose_id, port, protocol, key and raw proof | UID |
| nexpose_id | TYPE |
normalized from severity_score (critical/high/medium/low) | SEVERITY |
remediation_date (from fact_asset_vulnerability_remediation_date) | LAST_FIXED |
vuln.severity | SOURCE_SEVERITY |
vuln.vulnerability_id | VULNERABILITY_ID |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Host
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: SQL query (PostgreSQL data warehouse)
- Default filters:
last_assessed_for_vulnerabilities >= since(applied only when a sync token is supplied)
Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
Supported.
API
- Type: SQL query (PostgreSQL data warehouse)
- Default filters:
date_modified >= since(applied only when a sync token is supplied)
Vulnerability
Operation options
| Option | Type | Default | Description |
|---|---|---|---|
title | String | vuln.title LIKE ? (e.g. X.509%) | |
nexpose_id | String | vuln.nexpose_id = ? (e.g. certificate-common-name-mismatch) | |
asset_id | Long | asset.asset_id = ? |
Delta sync
Supported.
API
- Type: SQL query (PostgreSQL data warehouse)
- Default filters:
asset.last_assessed_for_vulnerabilities >= sincewhen a sync token is supplied, plus optionalvuln.title LIKE ?,vuln.nexpose_id = ?andasset.asset_id = ?operation filters
Changelog
The Rapid7 Nexpose Data Warehouse connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.0.17 | Overview The Rapid7 Nexpose Data Warehouse connector integrates with the Rapid7 InsightVM / Nexpose Data Warehouse, connecting directly to its PostgreSQL reporting database over JDBC to synchronize assets, vulnerability definitions, and per-asset vulnerability findings into the Brinqa Unified Data Model. All database access is read-only. Category: Vulnerability Management Models | N/A |