Infoblox and Rapid7 Nexpose together enable security and incident response teams to combine vulnerability scanning with DNS security to enhance visibility, manage assets, ease compliance and automate remediation. This video shows how the integration with Rapid7 works using the Outbound API feature of NIOS 8.1.
All necessary templates are attached to this post. The templates are provided “as-is”; please check them in your lab environment and modify them for your needs before implementing them in production.
The templates require Extensible Attributes, described in the table below. It is recommended to inherit attributes with the default values from the network view level.
| Extensible Attribute | Description |
|---|---|
| R7_Sync | Defines if an object should be synced with Rapid7 Nexpose. Possible values: true, false |
| R7_SyncedAt | Contains the date/time when the object was synchronized; updated by the assets management template |
| R7_NetToSite | Defines if a network should be added to a site (as shown in the video). Possible values: true, false. If R7_NetToSite is false but R7_Sync is true, R7_SiteID will be updated. |
| R7_RangeToSite | Defines if a range should be added to a site. Possible values: true, false. If R7_NetToSite is false but R7_Sync is true, R7_SiteID will be updated. |
| R7_ScanOnEvent | Defines if an asset should be scanned if RPZ or DNS Tunneling events were triggered |
| R7_ScanOnAdd | Defines if an asset should be scanned immediately after creation |
| R7_ScanTemplate | Defines the Rapid7 Nexpose template which should be used for scans initiated by an Infoblox appliance. Possible values: default, full-audit, full-audit-without-web-spider, etc. (internal template IDs). If set to “default”, the template configured for the site will be used. |
| R7_Site | Defines a site name |
| R7_SiteID | Contains an internal site ID. Updated automatically. If the value was inherited from a top level, the templates will bypass a few steps retrieving this ID. It should not be manually updated. |
| R7_LastScan | Contains the date when an asset was last scanned by a request from Infoblox |
| R7_AddByHostname | Defines if a host should be synced with Rapid7 Nexpose using a hostname. The hostname should be resolvable by Nexpose. Possible values: true, false |
You can use the attached PHP script to create these EAs (do not forget to update the $NIOS_baseURL, $NIOS_User, $NIOS_PWD and $data variables based on your configuration).
A detailed description of how the templates work can be found in these posts:
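As an added illustration (this is not the attached PHP script and not Infoblox code), the Python example below creates the EAs from the table through the WAPI `extensibleattributedef` object, reading credentials from the environment and keeping TLS certificate verification on. The ENUM/STRING type choices, the inheritable flag `I` and the `NIOS_*` environment variable names are assumptions, since the page lists only attribute names and allowed values.

```python
import base64, json, os, ssl
import urllib.error, urllib.request

# Assumed types: the table gives names and allowed values, not WAPI types.
BOOLEAN_EAS = ["R7_Sync", "R7_NetToSite", "R7_RangeToSite", "R7_ScanOnEvent",
               "R7_ScanOnAdd", "R7_AddByHostname"]
STRING_EAS = ["R7_SyncedAt", "R7_ScanTemplate", "R7_Site", "R7_SiteID", "R7_LastScan"]

def build_ea_definitions():
    """Return one extensibleattributedef payload per EA in the table."""
    defs = []
    for name in BOOLEAN_EAS:
        # flags "I" enables inheritance, which the page recommends using.
        defs.append({"name": name, "type": "ENUM", "flags": "I",
                     "list_values": [{"value": "true"}, {"value": "false"}]})
    for name in STRING_EAS:
        defs.append({"name": name, "type": "STRING", "flags": "I"})
    return defs

def build_request(base_url, user, password, payload):
    """Build an authenticated POST; refuse plain HTTP so Basic auth never travels in clear."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("NIOS base URL must use https://")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/extensibleattributedef",
        data=json.dumps(payload).encode(),
        headers={"Authorization": "Basic " + token,
                 "Content-Type": "application/json"},
        method="POST")

def create_all(base_url, user, password, ca_file=None):
    """POST every definition; ca_file is the CA bundle that signed the grid certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verification stays enabled
    for payload in build_ea_definitions():
        req = build_request(base_url, user, password, payload)
        try:
            with urllib.request.urlopen(req, context=ctx) as resp:
                print(payload["name"], resp.status)
        except urllib.error.HTTPError as err:  # e.g. the EA already exists
            print(payload["name"], "failed with HTTP", err.code)

if __name__ == "__main__":
    # NIOS_BASE_URL is the WAPI root, e.g. https://<grid-master>/wapi/<version>
    create_all(os.environ["NIOS_BASE_URL"], os.environ["NIOS_USER"],
               os.environ["NIOS_PWD"], os.environ.get("NIOS_CA_FILE"))
```

Use a dedicated, least-privileged NIOS account for this, and compare the assumed types against the `$data` variable in the attached script before running it against a grid.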
Any feedback and/or questions are appreciated and very welcome.